Now the traffic is accepted, but not encrypted and routed over the tunnel.Īny tips to troubleshoot any further are welcome. I tried to accept the traffic and use source NAT for this specifc traffic. This traffic was first dropped ofcourse on our firewall since the rule I created uses the expected source ip. There is a route for the BGP peer in Azure (connected to vpnt interface).Ģ) BGP traffic initiated from our firewall, uses a funny ip as its source ip. But now we do use routed based and I have configured empty VPN domains as mentoined in the sk. Normally with a policy based VPN, the VPN domains is the first thing I look at. We will use BGP over the tunnel and now I am facing 2 different issues causing the BGP peer in active state instead of established.ġ) BGP traffic from azure arives at our firewall, but is dropped with the reason "According to the policy the packet should not have been decrypted" ![]() Now the tunnel is up (phase 1 and 2) and BGP traffic from azure arives at our firewall. Before using SNMP with VSX Gateway / VSX Cluster, relevant security rules must be installed in order to allow the SNMP traffic (refer to section '(II) SNMP configuration '). We want to setup a new S2S VPN (routebased) with Azure. Chapter 6 Managing VSX Clusters Configuration Overview. We have a VSX setup with SMS, running both on R81.10 with JHF take 87. ![]() A nice new feature in VSX R81 is that we can create vpnt interfaces on a virtual firewall, using vsx_provisioning_tool on the SMS/MDS.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |