Re: Traffic not fully routing throu the tunnel

raul saurez · ‎03-20-2023

I am not able to route traffic fully through the tunnel. It is up and I can ping across to the other side of the tunnel. I can also jump on a host in Non-Prod VPC 1, DCS VPC, Prod VPC(example host from Non-Prod-10.16.22.100) and ping the CSR on the other side of the tunnel in the Datacenter VPC (10.4.0.233). But I cant ping to the next hop in the Datacenter VPC which is either the Bind(10.4.13.27) or DC(10.4.16.10) servers. Moreover, I can ping from the CSR side(Datacenter VPC) to any of the other VPC's at all. Not from the CSR or bind/dc server in 10.4. I checked all of the routing on the VPC's, security groups. On the CSR BGP is up and routes look good. I am not sure what I am missing. Can anyone help me? I have attached the diagram and the config. Thank you!!!

MHM Cisco World · ‎03-20-2023

I believe the IPsec profile is issue here
you use same tunnel source for four tunnels and use ipsec profile,
as I know when multi tunnel use same tunnel source then the profile must be with keyword "shared"
so please add keyword shared into two tunnel and check if success add it to all other four tunnel

raul saurez · ‎03-20-2023

It did not work. Should I do all four?

raul saurez · ‎03-22-2023

I have tried all four tunnels and still the same problem. Does everything else look correct to you?

MHM Cisco World · ‎03-23-2023

I check your config
I follow steps by steps
I run lab and use same crypto keyring and crypto isakmp profile and crypto ipsec profile
and it run without any issue
so troubleshooting
show crypto isakmp sa
show ip bgp neighbors <<- check that all four neighbors is appear