zero route breaks BOVPN
Hello,
I have a properly working IPsec tunnel between Site A and Site B with the current configuration:
192.168.89.0/24 ⇔ 192.168.70.0/24
I now want to convert this to a zero-tunnel route to send all traffic from Site A to the internet via Site B and apply traffic rules at Site B.
I modified the tunnel configuration as follows:
Site A: ANY ⇔ 192.168.70.0/24
Site B: 192.168.70.0/24 ⇔ ANY
After this change, the tunnel went down. Side B's traffic monitor shows:
Reason=Received unacceptable traffic selector in CREATE_CHILD_SA request.
NAT on both sides is configured with 192.168.0.0/16 to any External.
Any thoughts on why this is failing and how to resolve it?
Many thanks.
Comments
Local managed firewalls?
ANY = 0.0.0.0/0 ?
Both local managed
I am failing to specifically enter 0.0.0.0/0 into the tunnel settings. I am getting a message that /0 is unacceptable. All I can use is the pre-defined "AnyIP".
Web UI or WSM Policy Manager?
I use Policy Manager and have no problem entering 0.0.0.0/0
What version of Fireware?
Could be a bug
Latest version meaning 12.11.4 ?
12.11.4, yes.
It doesn't look like a bug. If I choose 'Network IP4' and insert 0.0.0.0/0, I get "The valid remote IP netmask prefix values are 1 - 32". The 'AnyIP' choice doesn't have parameters.
I will try WSM Policy Manager today and see if it is any different.
If A site has the 192.168.89.0/24 network and B site has the 192.168.70.0/24 network, and you want A site to browse out to the internet via B site, then the tunnel routing should look like this:
A site BOVPN config:
192.168.89.0/24 – 0.0.0.0/0 (Any)
B site BOVPN config:
0.0.0.0/0 (Any) – 192.168.89.0/24
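The selector pair described in the answer above, as an added checker that is not part of this thread or of Fireware: it models each gateway's tunnel route as a local/remote pair, treats "AnyIP" as 0.0.0.0/0 while refusing a hand-typed /0 the way the Web UI does, and reports why the configuration from the question does not give Site A a zero route through Site B. The function names, the LAN parameter and the problem messages are this example's own assumptions.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network

# What the Fireware UI calls "AnyIP"; typing 0.0.0.0/0 as a Network IPv4 is refused.
ANY = IPv4Network("0.0.0.0/0")


@dataclass(frozen=True)
class TunnelRoute:
    """One BOVPN tunnel route as seen from one gateway: local <-> remote."""
    local: IPv4Network
    remote: IPv4Network


def parse_selector(text: str) -> IPv4Network:
    """Parse a tunnel-route endpoint. 'AnyIP' (or 'ANY') becomes 0.0.0.0/0;
    a 'Network IPv4' entry must carry a prefix of 1-32, as the Web UI enforces."""
    if text.strip().upper() in ("ANY", "ANYIP"):
        return ANY
    net = IPv4Network(text, strict=False)
    if net.prefixlen == 0:
        raise ValueError("The valid remote IP netmask prefix values are 1 - 32; choose AnyIP")
    return net


def route(local: str, remote: str) -> TunnelRoute:
    """Build a route from the two strings as typed into the tunnel settings."""
    return TunnelRoute(parse_selector(local), parse_selector(remote))


def check_zero_route(site_a: TunnelRoute, site_b: TunnelRoute, lan_a: IPv4Network) -> list[str]:
    """Return the problems that keep Site A from default-routing through Site B.
    The two routes must mirror each other, Site A's local side must be its own
    LAN (not AnyIP), and Site A's remote side must be AnyIP (0.0.0.0/0)."""
    problems = []
    if site_a.local != site_b.remote or site_a.remote != site_b.local:
        problems.append("tunnel routes are not mirrored between the two gateways")
    if site_a.local != lan_a:
        problems.append(f"Site A local selector should be its LAN {lan_a}, not {site_a.local}")
    if site_a.remote != ANY:
        problems.append("Site A remote selector must be AnyIP (0.0.0.0/0)")
    return problems


if __name__ == "__main__":
    lan_a = IPv4Network("192.168.89.0/24")
    # Configuration from the question: ANY <-> 192.168.70.0/24 on A, mirrored on B.
    print(check_zero_route(route("AnyIP", "192.168.70.0/24"), route("192.168.70.0/24", "AnyIP"), lan_a))
    # Configuration from the answer: 192.168.89.0/24 <-> AnyIP on A, mirrored on B.
    print(check_zero_route(route("192.168.89.0/24", "AnyIP"), route("AnyIP", "192.168.89.0/24"), lan_a))
```

The first call reports two problems (Site A's local side is AnyIP instead of its LAN, and its remote side is not AnyIP); the second reports none.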