I am trying to set up an IPSec between two of our firewalls. These firewalls are segmented in VDOMs.
One of the endpoints of the VPN is a loopback interface.
The other endpoint is an EMAC vlan interface.
VPN establishment goes through the respective root VDOMs (these are the internet-facing VDOMs) and the remote gateway is routed to the respective VDOM.
I have managed to set up the IPSec; it is up.
Even though the VPN is up, we are facing this issue:
If traffic is originated from the endpoint with the loopback interface, it reaches the other endpoint (for example, with a ping), and this one answers with a reply. If I sniff the traffic, I see the reply routed to the IPSec tunnel, but it never arrives at the other endpoint (the loopback interface where the traffic originated). The same issue happens if I try to ping from the EMAC VLAN interface to the other endpoint: it never reaches the destination, even though I see it go through the tunnel; if I sniff the traffic on the destination, I see nothing.
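For readers who want to reproduce the topology described in the post, the following FortiOS CLI fragment is an added, hypothetical reconstruction of one side (the loopback side) and is not the poster's configuration. Every name, address, VDOM, port and key in it is invented: the VPN VDOM is assumed to be "vpn-vdom", the inter-VDOM link to root is assumed to be "vl" (giving "vl0" in root and "vl1" in vpn-vdom), the local loopback is 192.0.2.1/32, the remote EMAC VLAN endpoint is 198.51.100.1, and the subnets carried inside the tunnel are 10.1.0.0/24 (local) and 10.2.0.0/24 (remote). The diagnose commands at the end are the standard ones for confirming, inside the VPN VDOM, whether a packet is actually encrypted into the tunnel and whether the peer's SA counters show it being received; they do not claim what the cause of the problem in the post is.

```text
# --- Hypothetical example, not the poster's config ---
# Inter-VDOM link so vpn-vdom can reach the remote gateway via root
config system vdom-link
    edit "vl"
    next
end

config system interface
    # Root side of the link (root is the internet-facing VDOM)
    edit "vl0"
        set vdom "root"
        set ip 10.255.255.1 255.255.255.252
    next
    # VPN VDOM side of the link
    edit "vl1"
        set vdom "vpn-vdom"
        set ip 10.255.255.2 255.255.255.252
    next
    # Local IPsec endpoint: a loopback in the VPN VDOM
    edit "lo-vpn"
        set vdom "vpn-vdom"
        set type loopback
        set ip 192.0.2.1 255.255.255.255
        set allowaccess ping
    next
end

# Phase 1 bound to the loopback; peer is the remote EMAC VLAN address
config vpn ipsec phase1-interface
    edit "to-siteB"
        set interface "lo-vpn"
        set local-gw 192.0.2.1
        set remote-gw 198.51.100.1
        set peertype any
        set proposal aes256-sha256
        set dhgrp 14
        set psksecret ExampleOnlyReplaceMe
    next
end

# Phase 2 selectors must match the mirror image on the other side
config vpn ipsec phase2-interface
    edit "to-siteB-p2"
        set phase1name "to-siteB"
        set proposal aes256-sha256
        set dhgrp 14
        set src-subnet 10.1.0.0 255.255.255.0
        set dst-subnet 10.2.0.0 255.255.255.0
    next
end

# Routes in vpn-vdom: remote gateway via root, remote subnet via the tunnel
config router static
    edit 1
        set dst 198.51.100.1 255.255.255.255
        set device "vl1"
        set gateway 10.255.255.1
    next
    edit 2
        set dst 10.2.0.0 255.255.255.0
        set device "to-siteB"
    next
end

# Policies in vpn-vdom allowing traffic in both directions on the tunnel
config firewall policy
    edit 1
        set name "lan-to-tunnel"
        set srcintf "port2"
        set dstintf "to-siteB"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 2
        set name "tunnel-to-lan"
        set srcintf "to-siteB"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end

# --- Checks, run from inside the VPN VDOM ---
config vdom
    edit vpn-vdom
diagnose vpn ike gateway list                      # phase 1 state
diagnose vpn tunnel list                           # SA selectors and tx/rx packet counters
diagnose sniffer packet any 'host 10.2.0.10 and icmp' 4
diagnose debug flow filter addr 10.2.0.10
diagnose debug flow trace start 10
diagnose debug enable
```

Run the same sniffer and flow trace on the peer while a ping is in flight: if the local SA tx counter rises but the peer's rx counter for the matching SA does not, the packet is being encrypted but not matched to a selector (or not arriving) on the far side; if the flow trace on the peer shows the packet decrypted but dropped, the trace names the route or policy lookup that failed.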