IPSEC tunnel between two sites not working as it should

  • For about two years now I have had a site-to-site IPSEC tunnel between my main site and my backup site.
    Recently I started with network segmentation (VLANs) on my main site (A). After a few months of running stably on site A, I decided to also implement this on my backup site (B).

    After adjusting the IPSEC with a new phase 2 that allows traffic from site A towards site B, it seems that the tunnel isn't working as it should.

    I can RDP and VNC to the servers on site B, and from site B to the servers on site A. But when I try to access, let's say, the web interface of the switches on site B, I get blank pages, and I receive timeouts in PuTTY while I'm SSH'ed into the switch.

    Or I see DNS issues for my AD (MS Server 2016) and replication acting very strangely.

    Pings work with normal delays (±20 ms).

    The setup is as follows.
    Site A and site B:

    • LAG with vlans

    • Interfaces assigned to LAG with corresponding vlan

    • Network settings set (e.g. interface address static)

    • FW rules set to basic any-any; the same goes for IPSEC

    -- removed images for privacy --

    The switches are set (to my knowledge) correctly and have inter-vlan capability.

    And it all worked before I implemented VLANs on site B. I feel I'm overlooking something, and it's driving me nuts.

    If someone has encountered something similar or has some pointers, they would be really appreciated :)

  • Issue resolved!

    Believe it or not, it was a f****** reboot that solved it...
    Probably the firewall still had some old caches or something still in its memory...
