Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Phase 2 - Mixing VTI/Tunnel Mode

    Scheduled Pinned Locked Moved
    IPsec
    1
    1
    185
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      Matt_Sharpe
      last edited by

      Hi Guys,

      I had another topic open for a resolution an issue we've got where a customer wants to NAT an IP on an IPsec to direct traffic to another isolated network. We was provided a resolution/workaround below which involved adding a new P2 tunnel.

      https://forum.netgate.com/topic/177905/ipsec-dnat-not-working?_=1685971552379

      I've got this working on a lab, but not on production. I'm curious if the order of Phase 2 tunnels matter?

      If I put the main tunnel at the top of the list (VTI tunnel) both tunnels establish but networking drops over this tunnel.
      If I put the tunnel mode P2 workaround (for the NAT issue) at the top, the tunnel doesn't establish at all but the main tunnel works as expected.

      I'm of course wanting both tunnels to establish and neither to drop traffic.

      Any advice or suggestions would be awesome :)

      1 Reply Last reply Reply Quote 0
      • First post
        Last post