IPsec tunnel up - cannot ping from lan but from cli is pinging

Hello,
I’m a little confused with the RUTX behavior when the IPsec tunnel is up.
Using RUTX11 fw: RUTX_R_00.07.06.1
against Cisco.

The IPsec connection is done OK:
Security Associations (1 up, 0 connecting):
rep1-rep1_c[1]: ESTABLISHED 14 minutes ago, 62.141.xx.xx[62.141.xx.xx…81.91.xx.xx[81.91.xx.xx]
rep1-rep1_c{1}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: c6856a81_i 73541203_o
rep1-rep1_c{1}: 172.18.24.0/24 === 172.18.0.0/19
rep1-rep1_c_1{2}: INSTALLED, TUNNEL, reqid 2, ESP SPIs: c5eef07f_i 0ba1c5a0_o
rep1-rep1_c_1{2}: 172.18.24.0/24 === 172.23.0.0/16

Now I can ping hosts in the 172.23.0.0/16 and 172.18.0.0/19 networks, but only from the router CLI.

My LAN IP is 172.18.24.1/24, and after the tunnel comes up, my PC loses its connection to the router entirely
(no DHCP, no ping).
When the tunnel is down, PC to router connection is working again.

Am I missing some policy-based routing? Can you help me?
Thanks

Hello,

I believe the issue in this case is the overlap of the LAN and the networks behind IPsec, since 172.18.0.0/19 covers hosts from 172.18.0.1 to 172.18.31.254. It is surprising that you’re not able to reach the RUTX11, as it has a more specific route to its LAN, but either way, I’d suggest removing 172.18.0.0/19 from the remote networks in the IPsec configuration (or changing your LAN subnet) and checking if the issue is still present.

Best regards,
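A small check for the overlap described in the answer, added here as an example (it is not code from the post or from Teltonika): it parses the traffic-selector lines from the status output quoted in the question and reports any remote network that overlaps the router's LAN subnet, which is the condition that pulls LAN-to-router traffic into the tunnel policy.

```python
"""Check IPsec traffic selectors against the local LAN for overlapping subnets."""
import ipaddress
import re

# Constructed sample, copied in the shape of the status output quoted above:
# selector lines read "<child-sa>: <local net> === <remote net>".
STATUS_OUTPUT = """\
rep1-rep1_c{1}: INSTALLED, TUNNEL, reqid 1, ESP SPIs: c6856a81_i 73541203_o
rep1-rep1_c{1}: 172.18.24.0/24 === 172.18.0.0/19
rep1-rep1_c_1{2}: INSTALLED, TUNNEL, reqid 2, ESP SPIs: c5eef07f_i 0ba1c5a0_o
rep1-rep1_c_1{2}: 172.18.24.0/24 === 172.23.0.0/16
"""

TS_LINE = re.compile(r"^(?P<name>\S+):\s+(?P<local>\S+)\s+===\s+(?P<remote>\S+)\s*$")


def parse_traffic_selectors(output):
    """Return (child_sa_name, local_net, remote_net) for every selector line."""
    selectors = []
    for line in output.splitlines():
        m = TS_LINE.match(line.strip())
        if not m:
            continue  # SPI/state lines carry no traffic selector
        selectors.append((m["name"],
                          ipaddress.ip_network(m["local"], strict=False),
                          ipaddress.ip_network(m["remote"], strict=False)))
    return selectors


def find_overlaps(output, lan_cidr):
    """List remote selectors that overlap the LAN given as an interface address (e.g. 172.18.24.1/24)."""
    lan = ipaddress.ip_network(lan_cidr, strict=False)
    findings = []
    for name, _local, remote in parse_traffic_selectors(output):
        if remote.overlaps(lan):
            # The range actually in conflict is the smaller of the two networks.
            clash = lan if lan.subnet_of(remote) else remote
            findings.append({"child_sa": name, "remote": str(remote), "clash": str(clash)})
    return findings


if __name__ == "__main__":
    for f in find_overlaps(STATUS_OUTPUT, "172.18.24.1/24"):
        print(f"{f['child_sa']}: remote {f['remote']} overlaps the LAN ({f['clash']})")
```

Run against the quoted output it flags only the 172.18.0.0/19 selector; the 172.23.0.0/16 one is clean.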

Thank you.
Overlapping subnets is the problem.
