IPsec Tunnel configuration in ACI Fabric

Dinesh Kumar Mariappan · ‎04-04-2023

Some one provide some good document to configure the IPSec Tunnel in ACI Fabric to test one issue.

We have Site A with 10G connection P2P connection to Site B

Site B have P2P connection to site A and MPLS connection to Site C.

Now we have our Storage account in Site C and accessing the Site C from Site A with 16 Hops( we have issue)

If we changed the storage account to site B and accessing from site A we don't have any issues.

Accessing storage account of site from site B also we don't have any issues.

If HOP count was less than 15 we don't have any issue, but this location we have issue.

Now i am coming to the requitement. Site A and Site C we have 1Gbps internet connection, If i can create Ipsec tunnel for only storage subnet traffic then i can check is the issue is due to Hop count ?

How to create IPSec tunnel in ACI fabric, In legacy network i can create tunnel and i can add the source and destination vice versa and i can add static route point towards the tunnel interface but ACI i dont have any idea some one help me to achieve this.

Andrii Oliinyk · ‎04-04-2023

Hi

I'd appreciate to hear different from anyone on this topic but ACI doesnt provide any mean to build IPSec tunnels with either origin or end within Fabric.
Also i tend to think that hop-count has nothing to do with your issue which along with topology's more detailed description in original post would be welcomed.

IPsec Tunnel configuration in ACI Fabric

Secure Access: Network Tunnel Groupの接続におけるFTDのECMP設定例

SDA Fabric Border Replacement Procedure

Tipos de Endpoints no Cisco ACI Fabric

Tipos de Endpoints no Cisco ACI Fabric

Rename ACI Fabric Name?