Topic Thread

  • 1.  IPSEC tunnel policies

    Posted 09-20-2016 07:16

    1.) Have IPSEC tunnel up. (Showing in VPN-> Monitor as up.)

    2.) Have seven "remote" subnets, and three "local" IP addresses. For ease of explaining, let's call them,, 10.3/16, 10.4/16, 10.5/16, 192.168.5/24, and 192.168.6/24. And then the IPs would be,, and

    3.) Objects created for each single listing above. (i.e., Remote1, Remote2, Remote3,...IP1, IP2, IP3.)

    4.) Groups created for each "set". REMOTE_GROUP. IP_GROUP

    5.) Bi-directional policies set up.

    5a.) Source: REMOTE_GROUP Dest: IP_GROUP

    5b.) Source: IP_GROUP Dest: REMOTE_GROUP

    Here's the weird part. If they attempt pings from their site? Remote1, Remote3, Remote5, and Remote6 will work to ping IP1. Remote2, Remote4, and Remote7 will get a timeout error with the classic "The packet specifies its destination as..." Which is usually an ACL error in the Phase 2 setup, but we've both confirmed that the subnets match, and all looks good...


    I'm stumped. Any thoughts? Advice? Anecdotes?