05-31-2020 01:30 AM
Hello Everyone
I have a scenario in which I open an IPsec tunnel between strongSwan (initiator) and Cisco FlexVPN as a hub (responder).
I'm also using dynamic IP configuration to get the tunnel IP address from the Cisco pool address.
The tunnel is in the ESTABLISHED state, but I can't route traffic from the Cisco hub to my Linux device via the tunnel.
There is reachability from the Cisco device to the tunnel IP address that was received from the Cisco device.
I am using left/right subnets as any/any, and for this example I got tunnel IP address 30.30.30.6 from Cisco, which I put on the VTI device...
In parallel I'm using the same setup Cisco vs Cisco, where everything is OK and all traffic passes fine.
Some info:
1. The Cisco hub shows Virtual-Access1 as the connection to the Cisco initiator and Virtual-Access2 as the connection to the Linux device initiator.
2. show crypto ikev2 sa detailed:
3. In show crypto ipsec sa:
4. In Strongswan ipsec statusall:
I can only ping the address that I got from Cisco and not any other LAN (see the Cisco routing table attached)... I see that the Cisco hub is narrowing the policy to only this IP, which is not good for me because I want to run BGP on this dynamic address.
Please, if anyone can advise; I hope I made my problem clear.
Thanks in advance.