

IPSEC VPN site-to-site - No route to add

We have an IPsec tunnel with local subnet 10.2.226.0/24 and remote subnet 10.227.0.0/16.

The local_subnet was the NATted subnet of other subnets.

When the tunnel is up, there is no traffic to 10.227.0.0/16. In strongswan.log, we can see that the firewall doesn't want to add the route:

2023-03-17 15:18:04Z 28[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) [ipsec0] skip route add since remote subnet is 10.227.0.0/16, src_ip 192.168.199.253
2023-03-17 15:18:04Z 28[APP] [COP-UPDOWN] (add_routes) no routes to add for TEST on interface ipsec0

and in a route -n, we are not seeing the route:

XG135_XN03_SFOS 19.5.1 MR-1-Build278# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         255.255.255.0   U     0      0        0 Port8
10.0.1.0 0.0.0.0 255.255.255.0 U 0 0 0 LACP_SRV
10.0.2.0 10.0.1.254 255.255.255.0 UG 20 0 0 LACP_SRV
10.0.3.0 10.0.1.254 255.255.255.0 UG 20 0 0 LACP_SRV
10.0.4.0 10.0.1.254 255.255.255.0 UG 20 0 0 LACP_SRV
10.0.5.0 10.0.1.254 255.255.255.0 UG 20 0 0 LACP_SRV
10.0.6.0 10.0.1.254 255.255.255.0 UG 20 0 0 LACP_SRV
10.0.8.0 0.0.0.0 255.255.255.0 U 0 0 0 LACP_SRV.7
10.0.9.0 0.0.0.0 255.255.255.0 U 0 0 0 LACP_SRV.9
10.0.100.0 10.0.1.254 255.255.255.0 UG 20 0 0 LACP_SRV
109.7.27.240 0.0.0.0 255.255.255.248 U 0 0 0 Port2
172.16.1.0 172.16.7.253 255.255.255.0 UG 20 0 0 Port3
172.16.2.0 172.16.7.253 255.255.255.0 UG 20 0 0 Port3
172.16.4.0 172.16.7.253 255.255.255.0 UG 20 0 0 Port3
172.16.7.0 0.0.0.0 255.255.255.0 U 0 0 0 Port3
172.16.8.0 172.16.7.253 255.255.255.0 UG 20 0 0 Port3
172.16.9.0 172.16.7.253 255.255.255.0 UG 20 0 0 Port3
172.16.200.0 172.16.7.253 255.255.255.0 UG 20 0 0 Port3
172.16.204.0 172.16.7.253 255.255.255.0 UG 20 0 0 Port3
192.168.33.0 172.16.7.253 255.255.255.0 UG 20 0 0 Port3
192.168.101.0 0.0.0.0 255.255.255.0 U 0 0 0 Port7
192.168.254.0 0.0.0.0 255.255.255.0 U 0 0 0 Port4

If I use a non-NATted subnet, it works. Can you help us?
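A small diagnostic for the situation in this post, added here as an example and not the poster's or Sophos's own code: it parses the "skip route add" lines out of strongswan.log and a route -n dump, then reports two things a practitioner would check first, whether the src_ip named in the log actually falls inside the tunnel's configured local subnet, and whether any kernel route already covers the remote subnet. The log excerpt and the route table below are constructed (a subset of what the post shows, with the standard net-tools header restored); the regex assumes the log wording stays exactly as in the post, and the local subnet is passed in by the caller. The script only states what the log and routing table say; it does not decide why the updown script skipped the route.

```python
import ipaddress
import re

# Constructed sample input, modelled on the strongswan.log lines in the post.
STRONGSWAN_LOG = """\
2023-03-17 15:18:04Z 28[APP] [COP-UPDOWN] (do_cop_updown_invoke_once) [ipsec0] skip route add since remote subnet is 10.227.0.0/16, src_ip 192.168.199.253
2023-03-17 15:18:04Z 28[APP] [COP-UPDOWN] (add_routes) no routes to add for TEST on interface ipsec0
"""

# Constructed `route -n` excerpt in the standard net-tools layout (subset of the post's table).
ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 LACP_SRV
10.0.2.0        10.0.1.254      255.255.255.0   UG    20     0        0 LACP_SRV
192.168.101.0   0.0.0.0         255.255.255.0   U     0      0        0 Port7
"""

# Matches only the "skip route add" wording shown in the post (assumption: the format is stable).
SKIP_RE = re.compile(r"skip route add since remote subnet is (\S+), src_ip (\S+)")


def parse_skipped_routes(log):
    """Return (remote_subnet, src_ip) for every 'skip route add' line in the log."""
    found = []
    for line in log.splitlines():
        m = SKIP_RE.search(line)
        if m:
            found.append((ipaddress.ip_network(m.group(1), strict=False),
                          ipaddress.ip_address(m.group(2))))
    return found


def parse_route_table(text):
    """Parse `route -n` output into (network, gateway, iface) tuples, skipping header lines."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 8 or not parts[0][0].isdigit():
            continue  # "Kernel IP routing table" banner or the column header
        dest, gateway, mask = parts[0], parts[1], parts[2]
        iface = parts[-1]
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        routes.append((net, gateway, iface))
    return routes


def covering_routes(route_text, cidr):
    """Kernel routes whose prefix contains all of `cidr`, as 'net via gateway dev iface' strings.
    A default route (0.0.0.0/0) would also match, which is what you want for this check."""
    target = ipaddress.ip_network(cidr, strict=False)
    return [f"{net} via {gw} dev {iface}"
            for net, gw, iface in parse_route_table(route_text)
            if target.version == net.version and target.subnet_of(net)]


def diagnose(log, route_text, local_subnet):
    """For each skipped route: is src_ip inside the tunnel's local subnet, and is the remote
    subnet reachable through any kernel route at all?"""
    local = ipaddress.ip_network(local_subnet, strict=False)
    report = []
    for remote, src_ip in parse_skipped_routes(log):
        report.append({
            "remote": str(remote),
            "src_ip": str(src_ip),
            "src_ip_in_local_subnet": src_ip in local,
            "routes_covering_remote": covering_routes(route_text, str(remote)),
        })
    return report


if __name__ == "__main__":
    # Local subnet taken from the post's tunnel definition.
    for finding in diagnose(STRONGSWAN_LOG, ROUTE_N, "10.2.226.0/24"):
        print(finding)
```

On the post's data this reports src_ip 192.168.199.253 as outside 10.2.226.0/24 and no route covering 10.227.0.0/16, which is consistent with the poster's description of a NATted local subnet and with the empty result of route -n; on a real box you would feed it the actual strongswan.log and route -n output instead of the embedded samples.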


