Re: IPSec VPN Routing issues

Some additional details , nothing visibly wrong here...to my knowledge at least (note that I ping 10.0.0.6 from subnet 10.10.13.219)

edg-perimeter-0> show config ipsec

-----------------------------------------------------------------------

vShield Edge IPsec VPN Config:

{

   "ipsec" : {

      "sites" : [

         {

            "certificate" : null,

            "encryptionAlgorithm" : "aes",

            "enabled" : true,

            "mtu" : null,

            "psk" : "****",

            "extension" : null,

            "peerSubnets" : [

               "10.0.0.0/24",

               "10.0.1.0/24",

               "10.0.2.0/24"

            ],

            "peerIp" : "52.18.144.144",

            "name" : "aws",

            "description" : null,

            "localSubnets" : [

               "192.168.0.0/24",

               "10.10.0.0/16"

            ],

            "dhGroup" : "dh5",

            "peerId" : "52.18.144.144",

            "enablePfs" : true,

            "localIp" : "62.213.196.68",

            "authenticationMode" : "psk",

            "localId" : "62.213.196.68"

         }

      ],

      "enable" : true,

      "logging" : {

         "enable" : false,

         "logLevel" : "info"

      },

      "global" : {

         "extension" : null,

         "crlCertificates" : [],

         "serviceCertificate" : "certificate-58",

         "pskForDynamicIp" : null,

         "id" : null,

         "caCertificates" : []

      },

      "disableEvent" : false

byte 1298

            ],

            "dhGroup" : "dh5",

            "peerId" : "52.18.144.144",

            "enablePfs" : true,

            "localIp" : "62.213.196.68",

            "authenticationMode" : "psk",

            "localId" : "62.213.196.68"

         }

      ],

      "enable" : true,

      "logging" : {

         "enable" : false,

         "logLevel" : "info"

      },

      "global" : {

         "extension" : null,

         "crlCertificates" : [],

         "serviceCertificate" : "certificate-58",

         "pskForDynamicIp" : null,

         "id" : null,

         "caCertificates" : []

      },

      "disableEvent" : false

   }

}

~

~

~

~

~

edg-perimeter-0>   show service ipsec sp

src 192.168.0.0/24[any]  ---> dst 10.0.2.0/24[any] 255

        out prio high + 1073739480 ipsec

        esp/tunnel/62.213.196.68-52.18.144.144/unique#16393

        created: Jun  6 17:31:57 2016  lastused:

        lifetime: 0(s) validtime: 0(s)

        spid=769 seq=1 pid=22126

        refcnt=1

src 10.10.0.0/16[any]  ---> dst 10.0.0.0/24[any] 255

        out prio high + 1073739224 ipsec

        esp/tunnel/62.213.196.68-52.18.144.144/unique#16397

        created: Jun  6 17:30:29 2016  lastused: Jun  6 17:52:31 2016

        lifetime: 0(s) validtime: 0(s)

        spid=777 seq=2 pid=22126

        refcnt=2

src 10.10.0.0/16[any]  ---> dst 10.0.2.0/24[any] 255

        out prio high + 1073739224 ipsec

        esp/tunnel/62.213.196.68-52.18.144.144/unique#16405

        created: Jun  6 17:29:54 2016  lastused:

        lifetime: 0(s) validtime: 0(s)

        spid=793 seq=3 pid=22126

        refcnt=1

src 10.10.0.0/16[any]  ---> dst 10.0.1.0/24[any] 255

        out prio high + 1073739224 ipsec

        esp/tunnel/62.213.196.68-52.18.144.144/unique#16401

        created: Jun  6 17:28:56 2016  lastused:

        lifetime: 0(s) validtime: 0(s)

        spid=785 seq=4 pid=22126

        refcnt=1

src 192.168.0.0/24[any]  ---> dst 10.0.1.0/24[any] 255

        out prio high + 1073739480 ipsec

        esp/tunnel/62.213.196.68-52.18.144.144/unique#16389

        created: Jun  6 17:27:09 2016  lastused:

        lifetime: 0(s) validtime: 0(s)

        spid=761 seq=5 pid=22126

        refcnt=1

src 192.168.0.0/24[any]  ---> dst 10.0.0.0/24[any] 255

        out prio high + 1073739480 ipsec

        esp/tunnel/62.213.196.68-52.18.144.144/unique#16385

        created: Jun  6 17:26:48 2016  lastused:

        lifetime: 0(s) validtime: 0(s)

        spid=753 seq=6 pid=22126

        refcnt=1

src 10.0.2.0/24[any]  ---> dst 192.168.0.0/24[any] 255

        fwd prio high + 1073739480 ipsec

        esp/tunnel/52.18.144.144-62.213.196.68/unique#16393

        created: Jun  6 16:41:33 2016  lastused:

        lifetime: 0(s) validtime: 0(s)

        spid=890 seq=7 pid=22126

        refcnt=1

src 10.0.2.0/24[any]  ---> dst 192.168.0.0/24[any] 255

        in prio high + 1073739480 ipsec

        esp/tunnel/52.18.144.144-62.213.196.68/unique#16393

        created: Jun  6 16:41:33 2016  lastused:

        lifetime: 0(s) validtime: 0(s)

        spid=880 seq=8 pid=22126

        refcnt=1

src 10.0.0.0/24[any]  ---> dst 10.10.0.0/16[any] 255

        fwd prio high + 1073739224 ipsec

        esp/tunnel/52.18.144.144-62.213.196.68/unique#16397

        created: Jun  6 16:41:13 2016  lastused:

        lifetime: 0(s) validtime: 0(s)

        spid=874 seq=9 pid=22126

        refcnt=1

src 10.0.0.0/24[any]  ---> dst 10.10.0.0/16[any] 255

        in prio high + 1073739224 ipsec

        esp/tunnel/52.18.144.144-62.213.196.68/unique#16397

        created: Jun  6 16:41:13 2016  lastused:

        lifetime: 0(s) validtime: 0(s)

        spid=864 seq=10 pid=22126

        refcnt=1

src 10.0.1.0/24[any]  ---> dst 10.10.0.0/16[any] 255

        fwd prio high + 1073739224 ipsec

        esp/tunnel/52.18.144.144-62.213.196.68/unique#16401

        created: Jun  6 16:41:13 2016  lastused:

        lifetime: 0(s) validtime: 0(s)

        spid=858 seq=11 pid=22126

        refcnt=1

src 10.0.1.0/24[any]  ---> dst 10.10.0.0/16[any] 255

        in prio high + 1073739224 ipsec

        esp/tunnel/52.18.144.144-62.213.196.68/unique#16401

        created: Jun  6 16:41:13 2016  lastused:

        lifetime: 0(s) validtime: 0(s)

        spid=848 seq=12 pid=22126

        refcnt=1

src 10.0.2.0/24[any]  ---> dst 10.10.0.0/16[any] 255

        fwd prio high + 1073739224 ipsec

        esp/tunnel/52.18.144.144-62.213.196.68/unique#16405

        created: Jun  6 16:41:04 2016  lastused:

        lifetime: 0(s) validtime: 0(s)

        spid=842 seq=13 pid=22126

        refcnt=1

src 10.0.2.0/24[any]  ---> dst 10.10.0.0/16[any] 255

        in prio high + 1073739224 ipsec

        esp/tunnel/52.18.144.144-62.213.196.68/unique#16405

        created: Jun  6 16:41:04 2016  lastused:

        lifetime: 0(s) validtime: 0(s)

        spid=832 seq=14 pid=22126

        refcnt=1

src 10.0.1.0/24[any]  ---> dst 192.168.0.0/24[any] 255

        fwd prio high + 1073739480 ipsec

        esp/tunnel/52.18.144.144-62.213.196.68/unique#16389

        created: Jun  6 16:41:04 2016  lastused:

        lifetime: 0(s) validtime: 0(s)

        spid=826 seq=15 pid=22126

        refcnt=1

src 10.0.1.0/24[any]  ---> dst 192.168.0.0/24[any] 255

        in prio high + 1073739480 ipsec

        esp/tunnel/52.18.144.144-62.213.196.68/unique#16389

        created: Jun  6 16:41:04 2016  lastused:

        lifetime: 0(s) validtime: 0(s)

        spid=816 seq=16 pid=22126

        refcnt=1

src 10.0.0.0/24[any]  ---> dst 192.168.0.0/24[any] 255

        fwd prio high + 1073739480 ipsec

        esp/tunnel/52.18.144.144-62.213.196.68/unique#16385

        created: Jun  6 16:41:03 2016  lastused:

        lifetime: 0(s) validtime: 0(s)

        spid=810 seq=17 pid=22126

        refcnt=1

src 10.0.0.0/24[any]  ---> dst 192.168.0.0/24[any] 255

        in prio high + 1073739480 ipsec

        esp/tunnel/52.18.144.144-62.213.196.68/unique#16385

        created: Jun  6 16:41:03 2016  lastused:

        lifetime: 0(s) validtime: 0(s)

        spid=800 seq=18 pid=22126

        refcnt=1

edg-perimeter-0>

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

src 10.10.0.0/16[any]  ---> dst 10.0.0.0/24[any] 255

        out prio high + 1073739224 ipsec

        esp/tunnel/62.213.196.68-52.18.144.144/unique#16397

        created: Jun  6 17:30:29 2016  lastused: Jun  6 17:56:31 2016

        lifetime: 0(s) validtime: 0(s)

        spid=777 seq=2 pid=23134

        refcnt=2