Comments
-
The above "fix" did not work after reboot, so here is the final fix (essentially a better keep-alive) to this issue, courtesy of the great tech. His notes: -Route policies show greyed-out -VPN was up -any change on tunnel interface will pass the traffic and routes will come alive -enabled asymmetric route , traffic passed…
-
Fixed. Turns out it was a metric issue in the Routing Policy. It was set by the AWS VPN wizard as 1, and the amazing tech Pooja Singh set it to 6 and viola...we had connectivity. Picture attached.
-
This issue seems relevant. https://www.sonicwall.com/support/knowledge-base/site-to-site-vpn-tunnel-is-up-but-only-passing-traffic-in-one-direction/170503745701929/#:~:text=If%20the%20packets%20are%20marked%20as%20Consumed%20then,translation%20policies%2C%20which%20could%20lead%20to%20incorrect%20routing.
-
Working with an AWS tech, he noticed that the ICMP packets were not being routed via the vpn tunnel interface, but instead were being sent to the WAN interface X0. Any idea how to fix this issue? 172.16.0.71 LAN client 172.31.11.254 AWS Instance Working session: ========== *Packet number: 218* Header Values: Bytes…
-
Thanks for the reply. I enabled that feature on both VPN tunnels and can now ping from the Instance to my LAN host, but not the other way around. I will investigate the packet log.