NSA4500 SonicOS 5.9 - Routing across both IPsec tunnels from remote site to AWS?
Hello -
I am having a problem connecting to AWS using both IPsec tunnels: when I connect using a single tunnel, traffic flows properly (I can ping the device, browse to internal web servers, use remote desktop, etc.), but when I bring up the second tunnel, ping continues to work while RDP/HTTP/etc. traffic immediately stops working.
I am using static routes, which I imagine is the problem, but I'm not sure of the configuration required.
Here are the steps I took to set up my configuration:
- In VPN->Settings create two tunnel interfaces to the VPN endpoints provided by AWS and verify the VPN tunnel connects correctly
- In Network->Interfaces create two new interfaces, one for each VPN tunnel
- In Network->Routing create two routing policies, one for each interface, with source Any, service Any, destination [AWS VPC network], interface [interface number from step 2], metric 1, disable route when interface is disconnected, auto-add access rule.
When only one tunnel or the other is up, traffic flows. When both tunnels are up, ping works but other traffic doesn't.
What have I missed? I imagine things are failing because I have two routes between me and AWS in place, but I don't know how to configure this properly.
Answers
Hello @Agrikk ,
I think it may be possible that the traffic is sent out through one tunnel as it is returning on the other and the firewall is dropping it.
You can navigate to VPN tunnel interfaces that you have added and enable the option 'Enable Asymmetric Route Support' in the advanced tab. Please do this for both of the VPN tunnel interfaces.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
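The failure mode described in this answer, as an added toy model (not SonicOS code and not from the thread): a stateful firewall records which tunnel a session left on and, unless asymmetric route support is enabled, drops a reply that arrives on the other tunnel. The VPC prefix, host addresses, interface names and the rule by which the AWS side picks its return tunnel are all constructed assumptions.

```python
import ipaddress
from collections import namedtuple

VPC = ipaddress.ip_network("10.0.0.0/16")          # constructed AWS VPC prefix
LAN_HOST, VPC_HOST = "192.168.1.10", "10.0.5.20"   # constructed addresses
Flow = namedtuple("Flow", "src dst proto sport dport")

def reverse(flow):
    return Flow(flow.dst, flow.src, flow.proto, flow.dport, flow.sport)

class Firewall:
    def __init__(self, tunnels_up, asymmetric_route_support=False):
        self.tunnels_up = tunnels_up            # e.g. ["tun1"] or ["tun1", "tun2"]
        self.asymmetric_route_support = asymmetric_route_support
        self.flows = {}                         # forward Flow -> egress tunnel

    def egress(self, flow):
        # Both static routes carry metric 1 and "disable when disconnected":
        # the first route whose tunnel is up wins, as in the post's setup.
        if ipaddress.ip_address(flow.dst) in VPC:
            return self.tunnels_up[0]
        return "wan"

    def send(self, flow):
        self.flows[flow] = self.egress(flow)
        return self.flows[flow]

    def receive(self, flow, ingress):
        state = self.flows.get(reverse(flow))
        if state is None:
            return "DROP: no matching state"
        if ingress != state and not self.asymmetric_route_support:
            return f"DROP: reply on {ingress} but session left via {state}"
        return "ACCEPT"

def aws_return_tunnel(flow, tunnels_up):
    # Modelling assumption: AWS picks the return tunnel on its own, independently
    # of the one the firewall used; a fixed hash of the ports stands in for that.
    return tunnels_up[(flow.sport + flow.dport) % len(tunnels_up)]

def rdp_session(tunnels_up, asymmetric_route_support=False):
    """Verdict the firewall gives the first RDP reply for a given tunnel setup."""
    fw = Firewall(tunnels_up, asymmetric_route_support)
    syn = Flow(LAN_HOST, VPC_HOST, "tcp", 50000, 3389)
    fw.send(syn)
    return fw.receive(reverse(syn), aws_return_tunnel(syn, tunnels_up))

for up in (["tun1"], ["tun1", "tun2"]):
    print(up, rdp_session(up), "| with asymmetric support:", rdp_session(up, True))
```

With one tunnel up the reply can only come back the way it went, so it is accepted; with both up the modelled AWS side returns on the other tunnel and the stateful check drops it until asymmetric route support is enabled.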
I am running SonicOS 5.9 and I don't think I have that as an option.