03-20-2023 02:41 PM
I am not able to route traffic fully through the tunnel. It is up and I can ping across to the other side of the tunnel. I can also jump on a host in Non-Prod VPC 1, DCS VPC, Prod VPC (example host from Non-Prod: 10.16.22.100) and ping the CSR on the other side of the tunnel in the Datacenter VPC (10.4.0.233). But I can't ping to the next hop in the Datacenter VPC, which is either the Bind (10.4.13.27) or DC (10.4.16.10) servers. Moreover, I can ping from the CSR side (Datacenter VPC) to any of the other VPCs at all. Not from the CSR or bind/dc server in 10.4. I checked all of the routing on the VPCs and the security groups. On the CSR, BGP is up and routes look good. I am not sure what I am missing. Can anyone help me? I have attached the diagram and the config. Thank you!!!
03-20-2023 03:25 PM
I believe the IPsec profile is the issue here.
You use the same tunnel source for four tunnels and use an IPsec profile;
as far as I know, when multiple tunnels use the same tunnel source, the profile must be applied with the keyword "shared".
So please add the keyword shared to two tunnels and check; if successful, add it to all other four tunnels.
03-20-2023 07:18 PM
It did not work. Should I do all four?
03-22-2023 12:15 PM
I have tried all four tunnels and still the same problem. Does everything else look correct to you?
03-23-2023 05:30 AM
I checked your config.
I followed it step by step.
I ran a lab using the same crypto keyring, crypto isakmp profile and crypto ipsec profile,
and it ran without any issue.
So, troubleshooting:
show crypto isakmp sa
show ip bgp neighbors <<- check that all four neighbors appear
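A constructed IOS configuration illustrating the "shared" keyword the second reply describes, together with the verification commands from the last reply. It is added here as an example and is not the poster's attached config. The keyring/profile names, the peer addresses (203.0.113.x, documentation range), the pre-shared key placeholder, the transform set and the tunnel numbering are all assumptions, as is GRE over IPsec (the default tunnel mode); the far-side prefix 10.4.16.0/24 is taken from the hosts named in the question.

```cisco
! Constructed example, not the poster's config. Names, peer addresses,
! transform set and tunnel numbers are assumptions; <PSK-PLACEHOLDER> is a placeholder.
crypto keyring DC-KEYRING
 pre-shared-key address 203.0.113.11 key <PSK-PLACEHOLDER>
 pre-shared-key address 203.0.113.12 key <PSK-PLACEHOLDER>
!
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
!
crypto isakmp profile DC-ISAKMP
 keyring DC-KEYRING
 match identity address 203.0.113.11 255.255.255.255
 match identity address 203.0.113.12 255.255.255.255
!
crypto ipsec transform-set DC-TS esp-aes 256 esp-sha256-hmac
 mode transport
!
crypto ipsec profile DC-IPSEC
 set transform-set DC-TS
 set isakmp-profile DC-ISAKMP
!
! Both GRE tunnels reuse the same tunnel source and the same IPsec profile,
! so "shared" is required on every tunnel that shares that source.
interface Tunnel1
 ip address 169.254.1.1 255.255.255.252
 tunnel source GigabitEthernet1
 tunnel destination 203.0.113.11
 tunnel protection ipsec profile DC-IPSEC shared
!
interface Tunnel2
 ip address 169.254.1.5 255.255.255.252
 tunnel source GigabitEthernet1
 tunnel destination 203.0.113.12
 tunnel protection ipsec profile DC-IPSEC shared
!
! Verification, in order: IKE SA, IPsec SA per tunnel, BGP neighbours,
! and whether the far-side prefix is actually installed in the routing table.
! show crypto isakmp sa
! show crypto ipsec sa
! show crypto session
! show ip bgp summary
! show ip route 10.4.16.10
```

The `shared` keyword belongs to GRE-over-IPsec tunnels (the default tunnel mode); static VTIs configured with `tunnel mode ipsec ipv4` do not take it. A tunnel that pings end to end but cannot reach hosts behind the far-side router is usually a routing gap rather than a crypto one, which is why the last check looks up the specific far-side host: if `show ip route 10.4.16.10` does not resolve via the tunnel, the BGP prefix is not installed, and the datacenter hosts also need a return route for the VPC prefixes before the ping can succeed.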