1. Routing problem

    Posted May 26, 2021 04:17 AM


    We are setting up a cloud service for our Aruba switches (Aruba Central) but we can't make it work because the switches (the management VLAN the switches rely on) do not have internet access. The traffic passes through the WAN interface, but when it tries to come back it comes through another interface (an IPsec tunnel - very weird) which we use to monitor the switches from another environment. When we disable the policy from the monitoring environment to the management VLAN the internet comes back and the switches are able to communicate with the internet. I have tried to enable asymmetric routing but it didn't help.

    This IPsec tunnel uses VIP (because of the overlapping subnet on both sides). 

    Edit: one thing which I saw in the logs: when we execute a ping from the switches, it goes via the WAN interface, then when it comes back it goes via the IPsec tunnel (which uses the same WAN interface), and there, because of the NAT used in the policy that handles traffic toward the switches, it gets translated and never reaches the switches. When I disable this policy the traffic flows correctly (but we need that policy to be active as we monitor the switches via that tunnel).

    Please advise!