Netgate Discussion Forum
    Tunneling between IPsec -> Traffic selector wrong

    IPsec
    1 Posts 1 Posters 323 Views
      TammyC

      Hi,

      I have two IPsec tunnels between two different locations. The Netgate is in between both, and should allow the traffic from Location A to flow to Location B.
      I have IPsec tunnels to both sites, and Phase 1 as well as Phase 2 are up and running.
      To access the network on Site B, I NAT all SAs on a virtual IP. So the traffic that flows into Site B appears with the NATed IP as its source IP.

      So far so good. The only issue that I have is multiple child SAs, and what is very strange, the traffic selection is done wrong. The local subnet that is shown and used for the child SA is somehow randomly chosen, and not linked to the network where the traffic is coming from. When there are double child SAs there is no traffic flow anymore through the tunnel, as long as there is a duplicate. I might have two issues here.

      I have some difficulties to explain myself here. So maybe this helps:

      I'm going to ping from 10.47.72.80 to 10.170.47.1. The ping is going through. But the only active SA is:

      [image: snip1.JPG]

      P2 config:
      [image: snip2.JPG]

      P2 NAT:
      [image: snip3.JPG]

      When I disable the 172.31.0.0 P2, another random subnet is picked and shown as traffic selector.

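Added example, not from the post above or from pfSense/Netgate: a small check over a set of Phase 2 entries that reports which ones collide once the NAT/BINAT address replaces the real local network in the selector sent to the peer, and which entries cover a given flow. The entries, subnet masks and the 10.200.0.1 virtual IP are constructed; the hub's real masks and NAT address are not given in the post.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Phase2:
    name: str
    local: str                 # real local network, e.g. "10.47.72.0/24"
    remote: str                # remote network on the peer side
    nat: Optional[str] = None  # NAT/BINAT address presented to the peer, if configured

    def wire_local(self) -> ipaddress.IPv4Network:
        """Local selector the peer actually sees: the NAT address if set, else the real network."""
        return ipaddress.ip_network(self.nat or self.local, strict=False)

    def wire_remote(self) -> ipaddress.IPv4Network:
        return ipaddress.ip_network(self.remote, strict=False)

def colliding_selectors(p2s):
    """Pairs of entries whose on-the-wire selectors overlap on both sides.
    Such pairs negotiate the same child SA, so which entry a packet is matched to
    is not tied to the network it really came from."""
    found = []
    for i, a in enumerate(p2s):
        for b in p2s[i + 1:]:
            if a.wire_local().overlaps(b.wire_local()) and a.wire_remote().overlaps(b.wire_remote()):
                found.append((a.name, b.name))
    return found

def matching_entries(p2s, src, dst):
    """Names of entries whose real local network and remote network cover a src->dst flow."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return [p.name for p in p2s
            if s in ipaddress.ip_network(p.local, strict=False) and d in p.wire_remote()]

# Constructed sample: two local networks both NATed to one virtual IP toward site B,
# plus one entry without NAT toward a different remote network.
SAMPLE = [
    Phase2("siteA-lan", "10.47.72.0/24", "10.170.47.0/24", nat="10.200.0.1/32"),
    Phase2("siteA-mgmt", "172.31.0.0/24", "10.170.47.0/24", nat="10.200.0.1/32"),
    Phase2("siteA-guest", "10.47.73.0/24", "10.170.48.0/24"),
]

if __name__ == "__main__":
    print("colliding:", colliding_selectors(SAMPLE))
    print("covers 10.47.72.80 -> 10.170.47.1:", matching_entries(SAMPLE, "10.47.72.80", "10.170.47.1"))
```

Any pair reported by colliding_selectors is a candidate for the duplicate child SA symptom; the fix on the hub side is to give each such entry a distinct NAT address or a distinct remote selector so the peer sees different selectors.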
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.