Site to Site VPN with public IP as Interesting traffic destination
I configured a site to site VPN with our vendor. The network that we need to access from them is a global pool. When I tried to ping one of the addresses on that pool, it brought up the tunnel, but when I tried to browse the server, the traffic is getting routed to the internet and the tunnel is not coming up. There is no proxy configured in my browser settings. Below is my config:
Re: Site to Site VPN with public IP as Interesting traffic desti
The configuration looks alright. Sometimes the object-group configuration leads to problems in crypto ACLs. How do you know the packets to the server are getting routed through the internet? Do you have some captures?
What happens when you run a packet-tracer like below:
Phase: 16
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 14956985, packet dispatched to next module
Module information for forward flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_inspect_icmp
snp_fp_adjacency
snp_fp_encrypt
snp_fp_fragment
<--- More --->
Module information for reverse flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_ipsec_tunnel_flow
snp_fp_inspect_icmp
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat

Result:
input-interface: INSIDE
input-status: up
input-line-status: up
output-interface: OUTSIDE
output-status: up
output-line-status: up
Action: allow
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...