NSA4500 sonicos 5.9 - Routing across both IPsec tunnels from remote site to AWS?
I am having a problem connecting to AWS using both IPsec tunnels: when I connect using a single tunnel, traffic flows properly (I can ping the device, browse to internal web servers, remote desktop, etc.), but when I bring up the second tunnel, ping continues to work but RDP/HTTP/etc. traffic immediately stops working.
I am using static routes, which I imagine is the problem, but I'm not sure of the configuration required.
Here are the steps I took to set up my configuration:
- In VPN->Settings create two tunnel interfaces to the VPN endpoints provided by AWS and verify the VPN tunnel connects correctly
- In Network->Interfaces create two new interfaces, one for each VPN tunnel
- In Network->Routing create two routing policies, one for each interface, with source Any, service Any, destination [AWS VPC network], interface [interface number from step 2], metric 1, disable route when interface is disconnected, auto-add access rule.
When only one tunnel or the other is up, traffic flows. When both tunnels are up, ping works but other traffic doesn't.
What have I missed? I imagine things are failing because I have two routes between me and AWS in place, but I don't know how to configure this properly.
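An added illustration (not from the original post, and not SonicOS's own route-selection code) of the hypothesis in the question: a minimal route-table model that does longest-prefix match and then metric tie-breaking. With both tunnel routes at metric 1, the model has no single winner for the VPC prefix; giving the two routes different metrics yields one primary path, and marking the primary's interface down (the "disable route when interface is disconnected" option from step 3) shifts selection to the other tunnel. The interface names T1/T2, the 10.0.0.0/16 VPC prefix and the test addresses are constructed placeholders, and that a stateful firewall selects routes exactly this way is an assumption.

```python
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Route:
    """One static routing policy: destination prefix, egress interface, metric."""
    destination: ipaddress.IPv4Network
    interface: str
    metric: int
    up: bool = True  # False models "disable route when interface is disconnected"


# Constructed placeholder for the AWS VPC network; not from the question.
VPC = ipaddress.ip_network("10.0.0.0/16")

# Both tunnel routes at metric 1, as in the question's step 3.
EQUAL_METRIC = (
    Route(VPC, "T1", 1),
    Route(VPC, "T2", 1),
)

# Same routes with distinct metrics: T1 preferred, T2 only used when T1 is down.
FLOATING = (
    Route(VPC, "T1", 1),
    Route(VPC, "T2", 2),
)


def select_routes(table, dst_ip):
    """Return every route that survives longest-prefix match and lowest metric.

    More than one surviving route means the table alone cannot pick a path,
    which is the situation the question describes with two metric-1 routes.
    """
    dst = ipaddress.ip_address(dst_ip)
    candidates = [r for r in table if r.up and dst in r.destination]
    if not candidates:
        return []
    best_len = max(r.destination.prefixlen for r in candidates)
    candidates = [r for r in candidates if r.destination.prefixlen == best_len]
    best_metric = min(r.metric for r in candidates)
    return [r for r in candidates if r.metric == best_metric]


def next_hop(table, dst_ip):
    """Egress interface for dst_ip, None if unroutable, or a tagged list on a tie."""
    winners = select_routes(table, dst_ip)
    if not winners:
        return None
    if len(winners) == 1:
        return winners[0].interface
    return "AMBIGUOUS:" + ",".join(sorted(r.interface for r in winners))


def with_interface_down(table, interface):
    """Model the tunnel interface going down: its route is withdrawn."""
    return tuple(replace(r, up=False) if r.interface == interface else r for r in table)


if __name__ == "__main__":
    host = "10.0.1.10"  # constructed address inside the placeholder VPC
    print("equal metrics :", next_hop(EQUAL_METRIC, host))
    print("floating      :", next_hop(FLOATING, host))
    print("T1 down       :", next_hop(with_interface_down(FLOATING, "T1"), host))
    print("outside VPC   :", next_hop(FLOATING, "192.0.2.5"))
```

Run as a script it prints the four selections; the useful comparison is the first two lines, where the only change is the metric on the second tunnel route.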