RDY77
New Member
October 8, 2020
Question

VPN IPSEC phase 2 with secondary lan subnet

  • October 8, 2020
  • 2 replies
  • 2687 views

Hello all.

I'm facing a problem with VPN IPSEC.

On the LAN interface I have two addresses, a primary and a secondary, and I would like to put the secondary subnet into the encryption domain of phase 2.

Everything seems fine; phase 2 comes UP, but the traffic doesn't pass through the tunnel. Routing is correct.

If I configure the primary subnet instead, it works perfectly, as expected.

Do you know why?

    2 replies

    Toshi_Esumi
    SuperUser
    October 8, 2020

    Check route & policy on both sides of the tunnel. Then run a sniff to see which side is dropping, and run "flow debug" on the dropping side.
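The checks the reply above describes, written out as an added FortiOS CLI example (not from the original thread). The interface `port1`, the secondary subnet 192.168.2.0/24, the remote subnet 10.20.0.0/24 and the tunnel name `to-remote` are constructed placeholders.

```fortios
# Constructed values: LAN port1 carries secondary IP 192.168.2.1/24,
# remote site 10.20.0.0/24 sits behind IPsec interface "to-remote".

# 1. Phase 2 selectors must name the secondary subnet, not the primary one
config vpn ipsec phase2-interface
    edit "to-remote-p2"
        set phase1name "to-remote"
        set src-addr-type subnet
        set src-subnet 192.168.2.0 255.255.255.0
        set dst-addr-type subnet
        set dst-subnet 10.20.0.0 255.255.255.0
    next
end

# 2. Route the remote subnet into the tunnel interface
config router static
    edit 0
        set dst 10.20.0.0 255.255.255.0
        set device "to-remote"
    next
end

# 3. Policy: srcaddr must cover 192.168.2.0/24 ("all" or a matching object)
config firewall policy
    edit 0
        set name "lan-to-remote"
        set srcintf "port1"
        set dstintf "to-remote"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end

# 4. Verify the route, the negotiated selectors and the tunnel counters
get router info routing-table all
diagnose vpn tunnel list

# 5. Sniff on each side; verbosity 4 prints ingress/egress interface names
diagnose sniffer packet any 'host 192.168.2.10 and host 10.20.0.10' 4

# 6. Flow debug on the dropping side shows the route/policy decision
diagnose debug flow filter addr 192.168.2.10
diagnose debug flow show function-name enable
diagnose debug flow trace start 100
diagnose debug enable
# reproduce the traffic, then stop and clear the debug state:
diagnose debug flow trace stop
diagnose debug reset
```

A mirrored policy from `to-remote` to `port1` is needed for return traffic, and the peer must carry the same 192.168.2.0/24 selector on its side.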

    RDY77 (Author)
    New Member
    October 8, 2020

    Very strange!

    After I wrote this, it worked.

    I restarted the FGT and redid the VPN configuration; I see the route for the secondary subnet, phase 2 comes up and the traffic passes.

    Sorry and thanks.