IX10 - Route for second IPSEC policy is not being built.

Question

Hello,
Created two policies in IPSEC configuration. Same 'local' network and two different 'remote' networks. Establishes tunnel just fine for both policies.

However the only route that is being built is the route for the first policy.

That policy, I can pass traffic from the remote network though the IPSEC tunnel to the device and back though the IPSEC tunnel. If I try from the remote network in the second policy, the traffic is received from the IPSEC tunnel, and forwarded out though the default gateway instead of back though the IPSEC tunnel. I have pcaps running on the other side of the devices WAN/default gateway, and the remote side of the IPSEC tunnel to confirm this behavior.

Is this a configuration issue or a bug in the script setting up the routes after initializing the IPSEC policy?

Answer 1

What happens if you turn off the first tunnel? Does the second one work as it should?

What subnets are you negotiating on both tunnels?

Nicholas Wilson
Your IoT
https://www.YourIoT.com.au

Answer 2

In a single tunnel scenario, it works as expected.


172.26.10.0/24 and 172.26.11.0/24 No overlap.

I emailed support and a bug unresolved by firmware updates was identified. When I receive more information, I will update this post so that others impacted in the same way can benefit.

I posted here as well as submitted a ticket as I hadn't used Digi devices for M2M prior, and wasn't sure where I would get help at first. Their email support was very pleasant to use.