On 20/04/2018 13:04, Andrey V. Elsukov wrote:
> On 20.04.2018 11:17, Victor Gamov wrote:
>> All local SAs are configured and established, and the remote side
>> (Cisco routers) reports the SAs established too.
>>
>> But traffic goes via only one ipsec-interface.
>
> If you have all SAs established, you probably need to check your routing
> configuration. Or at least test that addresses configured on the ipsecXX
> interfaces are reachable.

A more correct statement of the problem is: only the last configured ipsec interface tx/rx traffic. For my example:

- ping from 10.10.98.1 to 10.10.98.2 via ipsec30 is OK

- ping from 10.10.98.2 to 10.10.98.1 via ipsec30 is OK

- ping from 10.10.98.5 (Cisco) to 10.10.98.6 via ipsec25 -- no responses, but I see ESP traffic on external interface and (!!!) ICMP-reply from 10.10.98.5 to 10.10.98.6 on ipsec25 (but no ICMP-request on ipsec25 !!!)

- ping from 10.10.98.6 to 10.10.98.5 via ipsec25 -- no responses, I see ICMP-request on ipsec25 but no ESP-traffic on external interface


Any suggestion?

--
Best regards,
Victor Gamov
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"