My observation is that, in the continuous ongoing security parameter negotiations, whenever the AWS end negotiates the tunnel with NAT-T (4500), the tunnel shows UP but no data traverses through the tunnel.

fw ctl zdebug + drop | grep gives "decryption failed".

(As per a few SecureKnowledge articles, Check Point only responds to NAT-T negotiation but never initiates negotiation with NAT-T.)

But fw monitor shows my end trying to send BGP messages through the tunnel, and even the initial packet comes through from the AWS end, but the TCP connection does not complete.

The BGP TCP handshake is not getting completed when the IKE negotiation shows IKE NAT-T (4500).

I am using the BGP protocol to control routing.

When I do a manual tunnel reset, Check Point initiates the tunnel, negotiating on UDP 500, and data starts traversing through the tunnel.

Currently I am experimenting with tuning the gateway-specific parameters below to ensure that negotiation of IKE 4500 does not happen.

Tunnels remain UP as long as negotiation is not happening through IKE 4500.

(There is no NAT device between my end and AWS.)

These variables are defined for each gateway and control NAT-T for site-to-site VPN: