Newly configured IPSec VPN is not routing traffic to the established VPN tunnel as expected.

Article ID: 420565

Products

VMware NSX

Issue/Introduction

  • The new IPSec VPN is configured on a standalone T1 that has no T0 linked, which is an uncommon data path for VPN configurations.
    • Instead, the T1 has a service interface (CSP) configured for North/South and VPN traffic.
  • The VPN tunnel establishes and, from the NSX UI perspective, appears to be healthy. 
    • However, traffic from the NSX overlay destined for the far side of the VPN tunnel is observed being routed to the physical network via the service interface but is NOT sent over the established VPN tunnel. 

Environment

VMware NSX

Resolution

Configure a Static Route on the standalone T1 to reach the remote VPN peer.

Workaround

  • Link this T1 to a T0 with uplinks to provide North/South routing and remove the service interface from the VPN configuration. 

Additional Information

See Adding IPSec VPN Sessions for more information.