IPsec between two Router in Bridge Mode

pspringh · 19 January 2021 08:08

Hi,

I have successfully configured IPsec Net-to-Net Connections between Routers that are doing NAT (e.g. AVM Fritz).

Now I have two Sites with a Router in Bridge Mode that are causing some issues.

I can connect these both together, but there is no data traffic between them (no Ping etc. possible).
Connections to the other Sites are working fine.

What do I miss here?

pike_it · 19 January 2021 09:15

Which are the subnets (Green side) of both endpoints?

pspringh · 19 January 2021 09:36

as said before it works same way with Routers that are not in Bridge Mode

Site 1 172.19.14.0/24 (Router in Bridge Mode)
Site 2 172.19.15.0/24 (Router in Bridge Mode)
Site 3 172.19.16.0/24 (Router with NAT)

Site 1 <-> Site 2 (not working)
Site 1 <-> Site 3 (working)
Site 2 <-> Site 3 (working)

All Sites shows “Connected” in the state but no ping possible between Site 1 and 2

pike_it · 19 January 2021 11:29

Please, correct me if i am wrong… Every site has two Tunnels…
Site 1 -> Site 2
Site 1 -> Site 3
Site 2-> Site 1
Site 2-> Site 3
and so on…

pspringh · 19 January 2021 11:54

Yes each Site connects to all other Sites. There are even more Sites but its not important for that problem.

pike_it · 19 January 2021 16:45

Site 1 and Site 2 Red Interfaces have configured private or public IP addresses?

If private, would you please share with us the addresses, subnet masks and so on?

pspringh · 20 January 2021 07:24

All Sites have static public IP Adresses.
It is not the issue that they wont find each other. The state is “Connected” but I cant get any traffic between Site 1 and 2.

pike_it · 20 January 2021 07:39

Pardon my questions for better understanding your network structure, it were necessary for have a more detailed comprehension.
A bug is still possible, but IMVHO might be located into routing of networks or into the evaluation of “connected” for IPSec tunnel, because maybe IKE worked but the subsequent tunnel failed.
Anyway, i suggest you to check routing tables of Site 1 and Site 2. Maybe the caveat is there.

pspringh · 2 February 2021 10:54

I have still the issue to get a working connection between the both Sites which are with Routers in bridge Mode.

It works very fine with other Sites with a usual Router. There is nothing else configured for these connections.
I can connect the to Bridge Router with IPSec, but thtas all. No data (nor ping) are going through this.
So does anyone have an idea how I can make this connection working?

pike_it · 2 February 2021 13:44

Does Site1 and Site2 have other published services? IDK, website, OpenVPN, remote management of any kind…

My guess is that Site1 and Site2 are not correctly (both) reciving “calls” about IPSec, but Site3 is.
So the two routes to Site3 are “called” by Site1 and Site2, and answered. So Tunnel build correctly and work