06-08-2013 03:02 AM
Hi community,
I just purchased an SRP 521 to connect my home network with an Amazon service (site-to-site IPsec).
I have created two tunnels and both are working ... BUT only one at a time.
When I try to activate both, only the first can be connected.
The product sheet indicates 5 site-to-site VPNs, but nowhere is it indicated that they can be active at the same time.
Any experience with this?
Is there any limitation?
Cheers
A.Costa
06-08-2013 12:05 PM
Hi,
This should be ok - it should be possible to connect multiple IPSec policies at a time. (You can't use Point to Point IPSec and remote access VPN at the same time).
Can you post some detail please? Maybe there is some conflicting configuration?
Please post which firmware you are using too.
Regards,
Andy
06-08-2013 01:33 PM
The router configuration is as follows:
Model: SRP521W, FE WAN, 802.11n ETSI, 2FXS/1FXO
Version ID: V01
Hardware Version: 4.1.0
Boot Version: 1.1.22 (Feb 22 2011 - 09:42:55)
Firmware Version: 1.01.29 (002) Mar 29 2013
Recovery Firmware: 1.01.20 (011)
Setup Wizard Version: 20110728.00
I use only IPsec connections point to point.
Both IKE policies are defined, and the IPsec policies are defined and enabled.
When connecting to Status > VPN Status, the first is connected and the second is disconnected.
I click on the connect button but nothing happens.
On the other side, the same status (one UP and the other down).
VPN Status:
awssec | yyy.yyy.yyy.yyy/24 | xxx.xxx.xxx.xxx/32 | AES128-SHA 1 | AES128-SHA 1 | 0 | 0 | Connected
awssec2 | 0 | 0 | Disconnect
When disconnecting the first connection, both connections are down.
VPN Status:
awssec | 0 | 0 | Disconnect
awssec2 | 0 | 0 | Disconnect
I need to connect the second tunnel (Status > VPN Status > click the connect button on the second tunnel).
When I check the status, the SRP shows both connections as connected, but the other side shows only the second tunnel as active, and the first is down.
VPN Status:
awssec | yyy.yyy.yyy.yyy/24 | 192.168.15.100/32 | AES128-SHA 1 | AES128-SHA 1 | 0 | 0 | Connected
awssec2 | yyy.yyy.yyy.yyy/24 | 192.168.15.100/32 | AES128-SHA 1 | AES128-SHA 1 | 0 | 0 | Connected
What kind of conflict may it be?
The IP addresses for the IPsec are different, and the parameters are identical (except the pre-shared key of course, and the names).
06-10-2013 01:26 AM
Thanks for the information,
Seems a little strange. I'm not sure that I totally follow your configuration here.
From the status, I see that you are tunnelling from a single local host to two remote subnets. Are those subnets on the same remote SRP?
What configuration do you have on the other SRP? Two policies, one for each subnet, for traffic targeted at the host on the first site?
Andy
06-10-2013 03:00 AM
I am connecting a single server in my network (local IP 192.168.15.100) to a subnetwork in Amazon AWS.
It's one single subnetwork at the Amazon side, using Amazon VPN routers.
AWS provides 2 redundant connections to 2 different IP addresses but a single subnetwork (let's say 10.1.2.0/24).
On the SRP 521W (in my network), I have defined 2 different IKE policies (one per remote AWS IP address).
For each IKE policy we have an associated IPsec policy (awssec and awssec2).
It should be like this, where VPC is the subnetwork and the customer gateway is the SRP I am using.
06-11-2013 01:58 AM
Thanks for the detail - now I understand what you are attempting.
Unfortunately, the SRP500 doesn't support VPN tunnel redundancy to a common remote subnet, so it can't actively manage failover from one tunnel to the other in the event that one of the Amazon gateways fails.
As you have seen, it is possible however to manage this manually.
Regards,
Andy
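The situation Andy describes (two IPsec policies selecting the same local host and the same remote subnet but pointing at different AWS endpoints) is exactly the kind of overlap a defender can check for before deploying policies. The following is an added example, not code from the SRP or from anyone in this thread: it models the policies from the thread with constructed placeholder peer addresses and flags pairs that compete for the same traffic selector.

```python
from dataclasses import dataclass
from ipaddress import ip_network
from itertools import combinations


@dataclass(frozen=True)
class IpsecPolicy:
    name: str    # policy name as shown on the VPN Status page
    peer: str    # remote IKE gateway address (constructed placeholders below)
    local: str   # local traffic selector (host or subnet)
    remote: str  # remote traffic selector (host or subnet)


def overlapping_selectors(a: IpsecPolicy, b: IpsecPolicy) -> bool:
    """True if the two policies claim any of the same local<->remote traffic."""
    return (ip_network(a.local).overlaps(ip_network(b.local))
            and ip_network(a.remote).overlaps(ip_network(b.remote)))


def find_conflicts(policies):
    """Return name pairs of policies that select the same traffic but point at
    different peers. On a device without tunnel redundancy to a common remote
    subnet, only one of such a pair can carry traffic at a time, which matches
    the one-up-one-down status seen in the thread."""
    return [(a.name, b.name) for a, b in combinations(policies, 2)
            if a.peer != b.peer and overlapping_selectors(a, b)]


# Constructed to mirror the thread: one local host, one AWS VPC subnet
# (10.1.2.0/24 as in the post), two AWS endpoints with placeholder addresses,
# plus an unrelated policy that must not be reported.
POLICIES = [
    IpsecPolicy("awssec", "203.0.113.10", "192.168.15.100/32", "10.1.2.0/24"),
    IpsecPolicy("awssec2", "203.0.113.20", "192.168.15.100/32", "10.1.2.0/24"),
    IpsecPolicy("office", "198.51.100.5", "192.168.15.0/24", "172.16.0.0/24"),
]

if __name__ == "__main__":
    for a, b in find_conflicts(POLICIES):
        print(f"{a} and {b} select the same traffic to different peers; "
              "only one can be active at a time")
```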