VMware NSX

  • 1.  IPSec VPN issue.

    Posted Jun 08, 2020 05:14 AM

    Hello,

    I set up an IPSec VPN between two NSX Edge routers. The tunnel is up. My problem is that traffic is one-way only.

    For example: from a VM behind Edge-01, I can ping/SSH/RDP to any VM behind Edge-02. However, a VM behind Edge-02 cannot ping over to a VM behind Edge-01.

    Anyone have any ideas what the issue could be?



  • 2.  RE: IPSec VPN issue.

    Posted Jun 08, 2020 05:58 AM

    I found the issue.

    I was under the impression that if I enabled “Auto Rules Generation” when deploying the Edge, it would automatically create the security policy when I enabled IPSec. I do see auto-generated rules for the two peer IPs, but no rules for the local subnet and remote subnet. I added firewall rules to allow traffic both ways on the Edge and it works.

    Maybe this is the same issue I have with Load Balancer not working. lol



  • 3.  RE: IPSec VPN issue.

    Broadcom Employee
    Posted Jun 08, 2020 06:03 AM

    I'm unsure what rules were in place when traffic was possible in one direction. Keeping that aside, auto rules are only for control plane traffic.



  • 4.  RE: IPSec VPN issue.

    Posted Jun 08, 2020 06:13 AM

    Sreec,

    I'm new to NSX. Thanks for clarifying that the auto rules are for control plane traffic only.

    On Edge01 I have a rule allowing the local subnet to any (for internet), and on the Edge02 firewall I have any/any, which allows any traffic. This is why traffic was allowed from Edge01 > Edge02.
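The one-way behaviour described in posts 2 and 4 follows directly from first-match, default-deny evaluation on each Edge: a new flow has to be accepted by the sending Edge on the way out and by the receiving Edge on the way in, and the auto-generated peer-IP rules only cover the IKE/ESP traffic between the two Edges, not the subnets carried inside the tunnel. The following is an added example, not code from the thread or from VMware: a small model of the two policies as the poster described them, with constructed LAN ranges (10.1.0.0/24 behind Edge-01, 10.2.0.0/24 behind Edge-02) and hypothetical helper names, that reproduces the asymmetry and reports which direction a given Edge's policy is missing.

```python
"""
Constructed model of the asymmetric Edge firewall policy from the thread.
Not NSX code: a first-match, default-deny rule evaluator used to show why
the VPN traffic was one-way and which rule was missing.  Addresses and
helper names are assumptions for the example only.
"""
from ipaddress import ip_address, ip_network

# Assumed addressing (not stated in the thread): each site's LAN behind its Edge.
SITE1_LAN = ip_network("10.1.0.0/24")   # behind Edge-01
SITE2_LAN = ip_network("10.2.0.0/24")   # behind Edge-02


def rule(src, dst, action="accept"):
    """One firewall rule: (source prefix, destination prefix, action)."""
    return (ip_network(src), ip_network(dst), action)


def first_match(rules, src, dst, default="deny"):
    """First-match evaluation with an implicit default deny, as on an Edge firewall."""
    s, d = ip_address(src), ip_address(dst)
    for rsrc, rdst, action in rules:
        if s in rsrc and d in rdst:
            return action
    return default


def vpn_traffic_allowed(sending_edge_rules, receiving_edge_rules, src, dst):
    """A new flow must be accepted by the sending Edge (outbound) and by the
    receiving Edge (inbound).  Reply packets ride the stateful session, so only
    the first packet of the flow is evaluated here."""
    return (first_match(sending_edge_rules, src, dst) == "accept"
            and first_match(receiving_edge_rules, src, dst) == "accept")


def missing_rules(edge_rules, local_lan, remote_lan):
    """Return the VPN directions (as 'src -> dst' strings) this Edge does not permit."""
    gaps = []
    probe_local = str(local_lan.network_address + 10)    # an arbitrary host in each LAN
    probe_remote = str(remote_lan.network_address + 10)
    if first_match(edge_rules, probe_local, probe_remote) != "accept":
        gaps.append(f"{local_lan} -> {remote_lan}")
    if first_match(edge_rules, probe_remote, probe_local) != "accept":
        gaps.append(f"{remote_lan} -> {local_lan}")
    return gaps


# Policies as the poster described them in post 4.  The auto-generated peer-IP
# rules are omitted: they only cover IKE/ESP between the Edges, not these subnets.
EDGE01_BEFORE = [rule("10.1.0.0/24", "0.0.0.0/0")]   # local subnet -> any (for internet)
EDGE02 = [rule("0.0.0.0/0", "0.0.0.0/0")]            # any/any

# The fix from post 2: an explicit remote -> local rule on the Edge that lacked it.
EDGE01_AFTER = EDGE01_BEFORE + [rule("10.2.0.0/24", "10.1.0.0/24")]


def report(edge01_rules):
    """(Edge01 -> Edge02 allowed?, Edge02 -> Edge01 allowed?) for one host in each LAN."""
    fwd = vpn_traffic_allowed(edge01_rules, EDGE02, "10.1.0.10", "10.2.0.10")
    rev = vpn_traffic_allowed(EDGE02, edge01_rules, "10.2.0.10", "10.1.0.10")
    return fwd, rev


if __name__ == "__main__":
    print("before:", report(EDGE01_BEFORE))                        # (True, False): one-way
    print("gaps  :", missing_rules(EDGE01_BEFORE, SITE1_LAN, SITE2_LAN))
    print("after :", report(EDGE01_AFTER))                         # (True, True)
```

The check in `missing_rules` is the one worth running against each Edge's actual policy after bringing a tunnel up: an any/any rule on one side hides a missing inbound rule on the other, which is exactly why the first ping only worked from Edge01's side.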