I set up an IPsec VPN between two NSX Edge routers. The tunnel is up. My problem is that traffic is one-way only.
For example: from a VM behind Edge-01, I can ping/ssh/rdp to any VM behind Edge-02. However, a VM behind Edge-02 cannot ping over to a VM behind Edge-01.
Does anyone have any ideas what the issue could be?
I found the issue.
I was under the impression that if I enabled "Auto Rules Generation" when deploying the Edge, it would automatically create the security policy when I enabled IPsec. I do see auto-generated rules for the two peer IPs, but no rules for the local subnet and remote subnet. I added firewall rules to allow traffic both ways on the Edge and it worked.
Maybe this is the same issue I have with the Load Balancer not working. lol
I'm unsure what rules were in place when traffic was possible in one direction. Keeping that aside, auto rules are only for control plane traffic.
I'm new to NSX. Thanks for clarifying that the auto rules are for control plane traffic only.
On Edge01 I have a rule allowing the local subnet to any (for internet), and on the Edge02 firewall I have any/any, which allows all traffic. This is why traffic was allowed from Edge01 > Edge02 only.
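The asymmetry described in this thread can be reproduced with a small first-match rule evaluator. The following is an added example, not code from the thread or from VMware's NSX product: it models each Edge's firewall as an ordered rule list with an implicit default deny at the end, and checks only the packet that initiates a flow on each Edge it crosses (a stateful firewall permits the return traffic of an accepted flow, so the reverse direction still has to be initiated through both firewalls). The subnets, rule names and the "accept"/"deny" actions are constructed for illustration and are not taken from the poster's environment.

```python
import ipaddress

ANY = "any"

# Constructed sample topology (assumption, not from the thread):
# 10.1.0.0/24 sits behind Edge01, 10.2.0.0/24 sits behind Edge02.
LOCAL_01 = "10.1.0.0/24"
LOCAL_02 = "10.2.0.0/24"


def _match(address, spec):
    """True if the IP address falls inside spec ('any' or a CIDR)."""
    if spec == ANY:
        return True
    return ipaddress.ip_address(address) in ipaddress.ip_network(spec)


def evaluate(rules, src, dst):
    """First-match evaluation; an unmatched packet hits the default deny."""
    for rule in rules:
        if _match(src, rule["source"]) and _match(dst, rule["destination"]):
            return rule["action"], rule["name"]
    return "deny", "default-deny"


def flow_allowed(edges_on_path, src, dst):
    """A flow succeeds only if every Edge on its path accepts the initiating packet."""
    return all(evaluate(rules, src, dst)[0] == "accept" for rules in edges_on_path)


def check_site_to_site(edge01_rules, edge02_rules):
    """Test one host in each site initiating traffic towards the other."""
    host_01, host_02 = "10.1.0.10", "10.2.0.10"  # constructed sample hosts
    path = [edge01_rules, edge02_rules]            # both Edges see every tunnel flow
    return {
        "edge01_to_edge02": flow_allowed(path, host_01, host_02),
        "edge02_to_edge01": flow_allowed(path, host_02, host_01),
    }


# Rule sets as the poster described them: Edge01 allows local->any,
# Edge02 allows any/any. Nothing on Edge01 permits remote->local.
EDGE01_BEFORE = [
    {"name": "local-to-internet", "source": LOCAL_01, "destination": ANY, "action": "accept"},
]
EDGE02 = [
    {"name": "any-any", "source": ANY, "destination": ANY, "action": "accept"},
]

# The fix from the thread: explicit rules for the local and remote subnets in
# both directions on Edge01 (the auto rules only cover the peer IPs).
EDGE01_FIXED = EDGE01_BEFORE + [
    {"name": "ipsec-local-to-remote", "source": LOCAL_01, "destination": LOCAL_02, "action": "accept"},
    {"name": "ipsec-remote-to-local", "source": LOCAL_02, "destination": LOCAL_01, "action": "accept"},
]


def before():
    return check_site_to_site(EDGE01_BEFORE, EDGE02)


def after():
    return check_site_to_site(EDGE01_FIXED, EDGE02)


if __name__ == "__main__":
    print("before fix:", before())   # edge02_to_edge01 is False
    print("after fix: ", after())    # both directions True
```

Running it shows the reverse direction failing on Edge01's default deny before the subnet rules are added, which matches the behaviour the poster observed; the "any-any" rule on Edge02 is also a reminder that the fix should be the two specific subnet rules rather than widening Edge01 in the same way.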