Enabling two sites with the same local ID/IP and peer as "any" to respond with different ikeVersion
Article ID: 321252
Updated On:
Products
VMware NSX Data Center for vSphere
Issue/Introduction
Symptoms:
Two sites with same peer and local ID/IP cannot be configured with two different ikeVersion.
Two sites with same peer and local ID/IP cannot be configured with two different ikeVersion.
Environment
VMware NSX Data Center for vSphere 6.4.x
Cause
This issue occurs because currently, two sites with same peer and local ID/IP cannot be with two different ikeVersion.
But when the local site is a responder and the peer is configured as any, local site should be able to respond with different ikeVersion as per the intiator's ikeVersion.
But when the local site is a responder and the peer is configured as any, local site should be able to respond with different ikeVersion as per the intiator's ikeVersion.
Resolution
This is a known issue affecting VMware NSX Data Center for vSphere 6.4.2.
Currently, there is no resolution.
Workaround:
To work around this issue:
Currently, there is no resolution.
Workaround:
To work around this issue:
- Configure the sites with same local ID/IP and peer as "any" using "ike-flex".
- When the peer initiates the communication using ikeV1, then the site will respond with ikeV1 and if the peer initiates the communication using ikeV2, then the site will respond with ikeV2.
Feedback
Yes
No
Powered by
