New Member
Posts: 7
Registered: ‎02-24-2017
Solutions: 1
Accepted Solution

3 ER-X, IPSEC Offloading Site to Site Vpns

[ Edited ]

I have 3 different sites, all on fiber (2 on Verizon FiOS and 1 on Centurylink). All 3 sites have the ER-X routers, and all have been updated to 1.10. I have ipsec offload enabled on 2 sites, let's call them A and B (which are both Verizon sites). When I try to enable ipsec offloading on site C (Centurylink), the VPN tunnels between all three sites fail to pass traffic. In the CLI I see the tunnels are up though.

 

All sites use dynamic IPs, and all sites connect to each other in a mesh network fine without ipsec offloading. When I enable it on A and B, but disable it on C, everything is ok. If I enable it on all sites, no traffic passes. If I disable offloading on all sites, everything works fine.

 

Appreciate any insight the forum can provide.

 

Priteshp52


Accepted Solutions
Highlighted
New Member
Posts: 7
Registered: ‎02-24-2017
Solutions: 1

Re: 3 ER-X, IPSEC Offloading Site to Site Vpns

Fixed my own problem. Upgraded s2s tunnels from IKEv1 to IKEv2 and enabled offloading in site C and now works fine.

 

Hopefully this helps someone else along the line.

 

Priteshp52

View solution in original post


All Replies
New Member
Posts: 7
Registered: ‎02-24-2017
Solutions: 1

Re: 3 ER-X, IPSEC Offloading Site to Site Vpns

No ideas from anyone? Surprised to see this.

 

I'll try to re-explain if possible.

 

We have 3 sites, A, B and C in a mesh network, meaning all sites connect to each other via s2s vpn tunnels. When offloading is enabled for all three sites, site C doesn't send/receive traffic from sites A and B. When ipsec offloading is disabled on site C, everything works normally.

 

Why would having ipsec offload enabled on all 3 sites cause problems?

 

Priteshp52

Highlighted
New Member
Posts: 7
Registered: ‎02-24-2017
Solutions: 1

Re: 3 ER-X, IPSEC Offloading Site to Site Vpns

Fixed my own problem. Upgraded s2s tunnels from IKEv1 to IKEv2 and enabled offloading in site C and now works fine.

 

Hopefully this helps someone else along the line.

 

Priteshp52