IPSEC RPF failure

Forum|Forum|10 years ago
May 24, 2016
1 reply
3456 views

Hi all ,

im trying to set up a dial in IPSEC service for the users at my company , we have a 300D with 2 vdoms and an inter vdom link , the IPSEC terminates on vdom X but vdom Y has a link that sits in our MPLS which is what i want to access .

on vdom X , there is a route pointing to the intervdom link to get to the MPLS destinations , but when i run a debug i get :

id=20085 trace_id=3833 func=print_pkt_detail line=4478 msg="vd-root received a packet(proto=1, 172.16.20.32:1->10.0.1.3:8) from root_server0. code=8, type=0, id=1, seq=4363." id=20085 trace_id=3833 func=init_ip_session_common line=4629 msg="allocate a new session-356822f6" id=20085 trace_id=3833 func=ip_route_input_slow line=1273 msg="reverse path check fail, drop"

both vdoms have routes to the source and destinations but the packet never reaches Vdom Y .

any suggestions ?

thanks a Mill!

Nils

New Member

Are you sure you've got a route to 172.16.20.x network in the VDOM Y?

shane_85Author

New Member

Hi yes , absolutely sure .

Vdom Y

S* 0.0.0.0/0 [10/0] via X.x.x.x, External S 10.0.0.0/16 [10/0] via 196.37.211.169, MPLS_Inside ( Destination for intended IPSEC traffic) S 172.16.20.0/24 [10/0] is directly connected, root_server0 ( link to VDOM X)

VDOM X

S 10.0.0.0/8 [10/0] is directly connected, root_server1( link to Vdom Y) C 172.16.5.0/24 is directly connected, DMZ_V811 C 172.16.20.0/24 is directly connected, IG_IPSEC

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded