PDA

View Full Version : Key Install: Wrong Community



nbkrnbkr
2008-10-28, 06:04
Hi,

I'm seeing some strange behavior in the SmartView Tracker regarding a Site-To-Site VPN.

We have several Site-To-Site VPNs on a NGX R60 and all work fine, nevertheless, one connection shows the wrong Community in the Key Install phase.

For example:

VPN A has the community c_vpn_a and the peer gateway A
VPN B has the community c_vpn_b and the peer gateway B

When the key install is done vor VPN A the packets are sent to A but the community is - according to the log "c_vpn_b".

Wenn real data is sent, the community is c_vpn_a like one would except it, and the traffic is flowing nicly.

If checked all the parameters of the two VPN tunnels, and searched the web for a solution, but can't find anything related. Is it possible that the firewall can't decide which one is the correct community while doing the key install, and just chooses randomly, or is it more likley that there is a configuration problem?

Any help is appreciated.

Regards
nbkr

melipla
2008-10-28, 09:29
Try this command on the smartcenter server and look for any overlaps which might interfere with the operation of your traffic:

vpn overlap_encdom

HTH