
With two VLANs separated by an IPSec tunnel, I'm having issues reaching an SVI on the far end. Hosts on either end can ping each other without issue, but the SVIs do not respond from the far end, though they work fine locally. The firewall logs are showing that the traffic is passing. ACLs removed from the SVI for troubleshooting. SVI is in the firewall's ARP table. And like I said, far end host to far end host is working, it's just that the SVIs do not respond to requests from the far end. I'm missing something... Probably lots of something : )


  • Please edit the question to include the network device models, the network device configurations, and any logs, debugs, etc. We cannot guess where you may have gone wrong.
    – Ron Maupin
    Commented Feb 11 at 15:13

1 Answer


You need to make sure the switches have a route for the remote subnets, either static or propagated using a routing protocol like OSPF.

If the gateway is the same, you can just use a default route.

  • Ah cripes, I didn't think about the SVI needing a gateway. So, for the config above I could just run: ip default-gateway 10.10.20.1 on the remote switch. Or, if I have multiple SVIs in the future, I could set a static route like so: ip route 10.10.20.0 255.255.255.0 10.10.20.1 and that may clear up my issue. Do I understand that correctly?
    – chrismec
    Commented Feb 11 at 16:52
  • Yes, pretty much so. Don't forget to do it on both sides.
    – Zac67
    Commented Feb 11 at 17:29
  • That was it. I added a static route and all is well. Thank you very much!
    – chrismec
    Commented Feb 13 at 0:38
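To illustrate the answer's point, the following added example (not part of the original thread) simulates the far-end switch's routing lookup before and after a route for the remote subnet is added. The prefixes are assumptions chosen around the 10.10.20.1 gateway mentioned in the comments: the far-end SVI in 10.10.20.0/24, the near-end hosts in 10.10.10.0/24.

```python
import ipaddress

# Constructed example: the far-end L3 switch from the question. Addresses are
# assumptions: its SVI sits in 10.10.20.0/24 behind the firewall 10.10.20.1,
# and the near-end hosts are in 10.10.10.0/24 on the other side of the tunnel.
LOCAL_SVI_SUBNET = "10.10.20.0/24"
FIREWALL_GW = "10.10.20.1"
REMOTE_SUBNET = "10.10.10.0/24"

# Each route is (prefix, next hop); None marks a connected route, which is
# all an SVI has by default.
SWITCH_BEFORE = [(LOCAL_SVI_SUBNET, None)]
# The two fixes discussed above: a static route for the far subnet, or a
# default route when everything remote sits behind the same gateway.
SWITCH_WITH_STATIC = SWITCH_BEFORE + [(REMOTE_SUBNET, FIREWALL_GW)]
SWITCH_WITH_DEFAULT = SWITCH_BEFORE + [("0.0.0.0/0", FIREWALL_GW)]


def lookup(table, dst):
    """Longest-prefix match. Returns the next hop, 'connected' for a directly
    attached prefix, or None when no route exists (the packet is dropped)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, nexthop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop)
    if best is None:
        return None
    return "connected" if best[1] is None else best[1]


def svi_can_reply(table, requester):
    """An SVI answers a ping only if it can route the reply back to the
    requester. Far-end hosts reply fine because they carry a default gateway;
    the switch itself does not get one automatically."""
    return lookup(table, requester) is not None
```

The firewall forwards the echo request into the VLAN and the SVI receives it, which is why the firewall logs show the traffic passing; the reply is what never leaves the switch until a route (or default gateway) exists.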
