Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 27 replies
  • Subscribers 2 subscribers
  • Views 79306 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Issues with IPSec site-to-site to ASG behind/ in front of NAT

coewar
There is a problem with the AMI. When creating an IPsec site-to-site VPN connection, it's assuming to use the Internal NIC's private IP which is wrong. And hence the opposite router has errors like this:

 we require peer to have ID 'xx.xx.xx.xx', but
peer declares '10.243.45.92'

where 'xx.xx.xx.xx' is the public IP of the Astaro.

I have tested also by creating 2 Astaro EC2 instances and they can't VPN to each other.

So then I also tried adding my own IP alias to the Internal NIC, and I can't! It complains saying that it's write-protected.

I assume these things will be fixed?


This thread was automatically locked due to age.
Parents
  • 0
    Thanks for the move.

    I didn't try that and funny is that the Astaro help says to just ignore that option. [:)]  But after trying that it seems to not even care I put anything in it.
    After setting it (the same way on both Astaro routers) the high level site-to-site summary screen still shows me the below:

    Astaro AWS #1 VPN [0 of 1 IPSec SAs established]

    SA: 10.243.45.92/32=10.243.45.92 xx.xx.xx.xx=10.80.211.54/32
    VPN ID: 10.243.45.92
    Error: No connection


    What I'm expecting is it to show me this:

    Astaro AWS #1 VPN [0 of 1 IPSec SAs established]

    SA: yy.yy.yy.yy/32=10.243.45.92 xx.xx.xx.xx=10.80.211.54/32
    VPN ID: 10.243.45.92
    Error: No connection

    where yy.yy.yy.yy is the public IP of router #1 and xx.xx.xx.xx is public IP of router #2.

    Or at least, with this VPN ID change, I'd expect to see:


    Astaro AWS #1 VPN [0 of 1 IPSec SAs established]

    SA: 10.243.45.92/32=10.243.45.92 xx.xx.xx.xx=10.80.211.54/32
    VPN ID: yy.yy.yy.yy
    Error: No connection
Reply
  • 0
    Thanks for the move.

    I didn't try that and funny is that the Astaro help says to just ignore that option. [:)]  But after trying that it seems to not even care I put anything in it.
    After setting it (the same way on both Astaro routers) the high level site-to-site summary screen still shows me the below:

    Astaro AWS #1 VPN [0 of 1 IPSec SAs established]

    SA: 10.243.45.92/32=10.243.45.92 xx.xx.xx.xx=10.80.211.54/32
    VPN ID: 10.243.45.92
    Error: No connection


    What I'm expecting is it to show me this:

    Astaro AWS #1 VPN [0 of 1 IPSec SAs established]

    SA: yy.yy.yy.yy/32=10.243.45.92 xx.xx.xx.xx=10.80.211.54/32
    VPN ID: 10.243.45.92
    Error: No connection

    where yy.yy.yy.yy is the public IP of router #1 and xx.xx.xx.xx is public IP of router #2.

    Or at least, with this VPN ID change, I'd expect to see:


    Astaro AWS #1 VPN [0 of 1 IPSec SAs established]

    SA: 10.243.45.92/32=10.243.45.92 xx.xx.xx.xx=10.80.211.54/32
    VPN ID: yy.yy.yy.yy
    Error: No connection
Children
No Data
Unfiltered HTML