IPsec sending traffic to wrong interface
I'm trying to set up a mobile client IPsec VPN tunnel. I already have an IPsec tunnel successfully set up to Azure and am running a few VMs over there.
My network configuration is as follows:
VLAN 10 [Home] - 192.168.1.0/24
VLAN 11 [Guest] - 10.1.1.0/24
VLAN 12 [VMs] - 10.1.2.0/24
VLAN 13 [Legacy] - 10.1.3.0/24
Azure - 10.0.5.0/24
IPsec Mobile Client settings:
Mobile client tab
Phase 1
Phase 2
The device on the other end is running Android with the native IPsec client. The issue I'm having is only the 192.168.1.0/24 VLAN subnet is accessible over the IPsec tunnel. All the other phase 2 entries are being routed to the wrong interface as seen below in the states table:
IPsec icmp 10.0.100.1:218 -> 10.0.5.4:218 0:0 1 / 0 84 B / 0 B
IPsec icmp 10.0.100.1:220 -> 10.0.5.4:220 0:0 1 / 0 84 B / 0 B
IPsec icmp 10.0.100.1:221 -> 10.0.5.4:221 0:0 1 / 0 84 B / 0 B
IPsec tcp 10.0.100.1:37926 -> 10.1.2.18:80 SYN_SENT:ESTABLISHED 6 / 11 360 B / 660 B
IPsec tcp 10.0.100.1:37927 -> 10.1.2.18:80 SYN_SENT:ESTABLISHED 6 / 11 360 B / 660 B
IPsec tcp 10.0.100.1:38436 -> 10.1.2.16:80 CLOSED:SYN_SENT 7 / 0 420 B / 0 B
IPsec tcp 10.0.100.1:38437 -> 10.1.2.16:80 CLOSED:SYN_SENT 7 / 0 420 B / 0 B
IPsec tcp 10.0.100.1:47377 -> 10.1.2.1:80 SYN_SENT:ESTABLISHED 7 / 11 420 B / 660 B
IPsec tcp 10.0.100.1:47378 -> 10.1.2.1:80 SYN_SENT:ESTABLISHED 7 / 11 420 B / 660 B
HOME tcp 10.0.100.1:48095 -> 192.168.1.19:8080 ESTABLISHED:ESTABLISHED 74 / 43 17 KiB / 13 KiB
HOME tcp 10.0.100.1:48158 -> 192.168.1.19:8080 ESTABLISHED:ESTABLISHED 37 / 20 8 KiB / 6 KiB
Anybody have any ideas?
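An added example, not part of the original post: a Python sketch that parses state lines in the format pasted above and, per destination subnet from the post's list, reports which interface the states sit on and how many have a zero right-hand packet counter. The function names are hypothetical, and what each packet counter measures is not stated on the page, so the code reports the counters without interpreting them.

```python
import ipaddress
import re
from collections import defaultdict

# Subnet labels and ranges as listed in the post.
SUBNETS = {"Home": "192.168.1.0/24", "Guest": "10.1.1.0/24", "VMs": "10.1.2.0/24",
           "Legacy": "10.1.3.0/24", "Azure": "10.0.5.0/24"}

# Sample input: four state lines taken from the table in the post.
SAMPLE = """\
IPsec icmp 10.0.100.1:218 -> 10.0.5.4:218 0:0 1 / 0 84 B / 0 B
IPsec tcp 10.0.100.1:37926 -> 10.1.2.18:80 SYN_SENT:ESTABLISHED 6 / 11 360 B / 660 B
IPsec tcp 10.0.100.1:38436 -> 10.1.2.16:80 CLOSED:SYN_SENT 7 / 0 420 B / 0 B
HOME tcp 10.0.100.1:48095 -> 192.168.1.19:8080 ESTABLISHED:ESTABLISHED 74 / 43 17 KiB / 13 KiB
"""

# interface, protocol, src:port -> dst:port, state pair, "left / right" packet counters
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+(?P<src>[\d.]+):\d+\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<state>\S+)\s+"
    r"(?P<left>\d+)\s*/\s*(?P<right>\d+)\s")

def label_for(ip):
    """Map a destination address to the subnet label used in the post."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in SUBNETS.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return "unknown"

def parse_states(text):
    rows = []
    for line in text.splitlines():
        m = STATE_RE.match(line.strip())
        if not m:
            continue  # skip headers and anything that is not a state line
        row = m.groupdict()
        row["left"], row["right"] = int(row["left"]), int(row["right"])
        row["subnet"] = label_for(row["dst"])
        rows.append(row)
    return rows

def summarize(rows):
    """Per destination subnet: interfaces seen, state count, states with right counter 0."""
    out = defaultdict(lambda: {"ifaces": set(), "states": 0, "one_sided": 0})
    for r in rows:
        s = out[r["subnet"]]
        s["ifaces"].add(r["iface"])
        s["states"] += 1
        s["one_sided"] += r["right"] == 0
    return dict(out)

if __name__ == "__main__":
    print(summarize(parse_states(SAMPLE)))
```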
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.