Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 10 replies
  • Answers 1 answer
  • Subscribers 40 subscribers
  • Views 3412 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

v18 MR-3 IPsec unstable with SWDAN

Carlos Cesario

Hello, Im running v18 MR-3 over 5 days and Im having a serious problem.

Currently we have a Ipsec tunnel established and working.

I have created a SDWAN rule to direct my traffic to internet using my WAN interface

and I have configured the route precedence to  

Routing Precedence:
1. VPN routes
2. Static routes
3. SD-WAN policy routes

The traffic From HO to Bo over ipsec interface it works correctly, but in random momments some hosts from BO Lan when try access hosts to HO Lan has the access interruped.

With a little troubleshooting I could check that in this momment the Hosts from BO try access the hosts to HO over WAN interface, even the ipsec tunnel is UP and other hosts from the same subnet BO LAN is working over IPSEC tunnel.

It seems that route precedence stop to works and redicrect the traffic over SDWAN rule. 

Does someone has any experience like this!?

Regards

Carlos



This thread was automatically locked due to age.
Parents
  • 0

    Hi Folks, only to report.

    This problem does not happen with the IPSEC Tunnels are connected by "Tunnel Mode" and using BGP for routing protocol.

    When I changed my environment using this, replaced Site-To-Site tunnel to Tunel Mode iPsec VPNs and put BGP to do the routing, the SWDAN it works as expected.

    Regards

    Carlos

Reply
  • 0

    Hi Folks, only to report.

    This problem does not happen with the IPSEC Tunnels are connected by "Tunnel Mode" and using BGP for routing protocol.

    When I changed my environment using this, replaced Site-To-Site tunnel to Tunel Mode iPsec VPNs and put BGP to do the routing, the SWDAN it works as expected.

    Regards

    Carlos

Children
No Data
Unfiltered HTML