suthomas1
New Member
June 27, 2020
Question

tunnel traffic

  • June 27, 2020
  • 1 reply
  • 6154 views

Hello everyone,


In an IPsec VPN, is tunnel traffic (IP addresses, e.g. 10.1.10./24 or 10.1.2.0/24, which communicate between both sides) needed for bringing the tunnel up? In which phase does this parameter get checked for both sides, and will it have any impact on getting the tunnel up?

1 reply

ede_pfau
SuperUser
June 27, 2020

For a regular site-to-site tunnel, traffic from either side will trigger tunnel negotiation. In practice, these tunnels are hardly ever down.

Phase 2 selects which kind of traffic is allowed across, and will trigger negotiations.

suthomas1 (Author)
New Member
June 29, 2020

Thank you, so if the two ends have different allowed subnets configured will it have problems in getting the tunnel up and running?

ede_pfau
SuperUser
June 29, 2020

Then it won't get the tunnel up at all.

These addresses in Phase 2 are called Quick Mode selectors for a reason. Only matching traffic will traverse the tunnel, or lead to negotiations. (As always, policies permitting.)
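As an added illustration of the selector-matching point made in this thread (example code written for this page, not from the poster or any vendor), the helper below checks whether two peers' Phase 2 selectors mirror each other as IKEv1 Quick Mode requires, shows the IKEv2-style narrowing to the common subnet that RFC 7296 permits (a generalisation beyond what the thread discusses), and tests whether a given packet would match the selectors and so trigger negotiation. All subnets and addresses are constructed sample values.

```python
from ipaddress import ip_address, ip_network


def mirror_pair(a_local, a_remote, b_local, b_remote):
    """IKEv1 Quick Mode: the selectors must be exact mirror images,
    i.e. A's local == B's remote and A's remote == B's local.
    Returns True when the pair would negotiate, False otherwise."""
    a_l, a_r = ip_network(a_local), ip_network(a_remote)
    b_l, b_r = ip_network(b_local), ip_network(b_remote)
    return a_l == b_r and a_r == b_l


def _intersect(net_a, net_b):
    """Two CIDR blocks are either nested or disjoint; return the
    smaller (common) block, or None when they do not overlap."""
    if net_a.subnet_of(net_b):
        return net_a
    if net_b.subnet_of(net_a):
        return net_b
    return None


def narrow(a_local, a_remote, b_local, b_remote):
    """IKEv2-style narrowing: the responder may shrink the proposed
    traffic selectors to the part both sides cover. Returns the
    resulting (local, remote) pair from A's point of view as strings,
    or None if either direction has no common subnet."""
    local = _intersect(ip_network(a_local), ip_network(b_remote))
    remote = _intersect(ip_network(a_remote), ip_network(b_local))
    if local is None or remote is None:
        return None
    return str(local), str(remote)


def would_trigger(src, dst, local, remote):
    """A packet only enters the tunnel (or starts negotiation) when its
    source lies in the local selector and its destination in the remote one."""
    return (ip_address(src) in ip_network(local)
            and ip_address(dst) in ip_network(remote))


if __name__ == "__main__":
    # Constructed sample: site A protects 10.1.10.0/24, site B 10.1.2.0/24.
    print(mirror_pair("10.1.10.0/24", "10.1.2.0/24",
                      "10.1.2.0/24", "10.1.10.0/24"))   # True: tunnel comes up
    print(mirror_pair("10.1.10.0/24", "10.1.2.0/24",
                      "10.1.2.0/25", "10.1.10.0/24"))   # False: IKEv1 mismatch
    print(narrow("10.1.10.0/24", "10.1.2.0/24",
                 "10.1.2.0/25", "10.1.10.0/24"))        # IKEv2 narrows remote to /25
    print(would_trigger("10.1.10.5", "192.168.1.1",
                        "10.1.10.0/24", "10.1.2.0/24"))  # False: not selector traffic
```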