
IX10 - Route for second IPSEC policy is not being built.

0 votes
Hello,
Created two policies in IPSEC configuration. Same 'local' network and two different 'remote' networks. Establishes tunnel just fine for both policies.

However the only route that is being built is the route for the first policy.

With that policy, I can pass traffic from the remote network through the IPSEC tunnel to the device and back through the IPSEC tunnel. If I try from the remote network in the second policy, the traffic is received from the IPSEC tunnel and forwarded out through the default gateway instead of back through the IPSEC tunnel. I have pcaps running on the other side of the device's WAN/default gateway, and the remote side of the IPSEC tunnel, to confirm this behavior.

Is this a configuration issue or a bug in the script setting up the routes after initializing the IPSEC policy?
asked Sep 20 in Digi Connect Cellular by david.scott New to the Community (1 point)


2 Answers

0 votes
What happens if you turn off the first tunnel? Does the second one work as it should?

What subnets are you negotiating on both tunnels?

Nicholas Wilson
Your IoT
https://www.YourIoT.com.au
answered Sep 22 by NicholasYourIoT Seasoned Professional (192 points)
0 votes
In a single tunnel scenario, it works as expected.


172.26.10.0/24 and 172.26.11.0/24. No overlap.

I emailed support and a bug unresolved by firmware updates was identified. When I receive more information, I will update this post so that others impacted in the same way can benefit.

I posted here as well as submitted a ticket as I hadn't used Digi devices for M2M prior, and wasn't sure where I would get help at first. Their email support was very pleasant to use.
answered Sep 23 by david.scott New to the Community (1 point)