Occasional Contributor
Posts: 5
Registered: ‎02-20-2017

Brocade vRouter 5600 17.1.1 AWS VPN with Public IP Encryption Domain

[ Edited ]

Hello,

This post is in relation to a previous post:

Brocade vRouter 5410 6.7 R11S3 AWS VPN with Public IP Encryption Domain

Unfortunately, I had been assigned to another project so this issue was parked until now.

A little recap on what I am trying to achieve.

  • 2 VPN tunnels between a single vRouter hosted in AWS to customer site 1 and 2.
  • There is an EC2 instance on the AWS side, in a private subnet; the subnet has routes described to route the encryption domain IPs for site 1 and site 2 to the vRouter.
  • This EC2 instance's private IP has been NATed to an encryption domain on the AWS side.
  • IPsec tunnels are established between the vRouter and customer site 1 and 2.
  • If I run 'show nat source translation' I can see the EC2 instance local address of 10.168.65.200 translate to the AWS encryption domain IP (54.194.1.2).
  • But there is no traffic metric recorded in 'show vpn ipsec sa' and I am unable to telnet to either of the customer's encryption domain IPs on port 8000 (the customer service runs on port 8000).
  • See attached topology diagram for reference.

The vRouter for this environment has been upgraded to 5600 17.1.1 with some config changes to support the new CLI.

If anyone can assist with debugging this issue that would be appreciated. All addresses have been anonymised.

Thank you,

Scott
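One check worth making before going further, written here as an added example rather than anything from the thread or the vRouter itself: IPsec policy is matched after source NAT, so the post-NAT address (54.194.1.2, from the post) must fall inside the tunnel's local traffic selector, and the destination inside the remote one, or the flow never hits the SA and its counters stay at zero. The customer encryption domains below are placeholders, not addresses from the thread.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Tunnel:
    name: str
    local_prefix: str   # local encryption domain (local traffic selector)
    remote_prefix: str  # remote encryption domain (remote traffic selector)

@dataclass(frozen=True)
class SourceNat:
    inside: str   # private address before translation
    outside: str  # address presented inside the encryption domain

def translated_source(src, rules):
    """Return the post-NAT source: first rule whose inside address matches."""
    for rule in rules:
        if ipaddress.ip_address(src) == ipaddress.ip_address(rule.inside):
            return rule.outside
    return src

def matching_tunnel(src, dst, rules, tunnels):
    """Name of the tunnel whose selectors cover the flow *after* source NAT,
    or None. A flow that matches no selector is not encrypted, so the SA's
    traffic counters never move."""
    post_src = ipaddress.ip_address(translated_source(src, rules))
    dst_ip = ipaddress.ip_address(dst)
    for t in tunnels:
        if (post_src in ipaddress.ip_network(t.local_prefix)
                and dst_ip in ipaddress.ip_network(t.remote_prefix)):
            return t.name
    return None

# Constructed data. The NAT pair is the one quoted in the post; the customer
# encryption domains are placeholders, not addresses from the thread.
NAT_RULES = [SourceNat("10.168.65.200", "54.194.1.2")]
TUNNELS = [
    Tunnel("site1", "54.194.1.2/32", "192.0.2.0/24"),
    Tunnel("site2", "54.194.1.2/32", "198.51.100.0/24"),
]
# Common mistake: selectors written with the private (pre-NAT) prefix.
PRIVATE_SELECTOR_TUNNELS = [
    Tunnel("site1", "10.168.65.0/24", "192.0.2.0/24"),
    Tunnel("site2", "10.168.65.0/24", "198.51.100.0/24"),
]

if __name__ == "__main__":
    for dst in ("192.0.2.10", "198.51.100.10"):
        print(dst, "->", matching_tunnel("10.168.65.200", dst, NAT_RULES, TUNNELS))
        print(dst, "->", matching_tunnel("10.168.65.200", dst, NAT_RULES, PRIVATE_SELECTOR_TUNNELS))
```

Compare the result against the real selectors in the vRouter config and the prefixes the customers expect; a mismatch on either side explains zero SA counters without any IKE or routing fault.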

Brocadian
Posts: 17
Registered: ‎06-17-2015

Re: Brocade vRouter 5600 17.1.1 AWS VPN with Public IP Encryption Domain

Can you please provide the output of the commands requested on the previous post?

Also, it would help if you can provide a diagram or a clear description of your topology, because the config lists only one interface and you have multiple local addresses, so I want to make sure I understand the routing part first.

Occasional Contributor
Posts: 5
Registered: ‎02-20-2017

Re: Brocade vRouter 5600 17.1.1 AWS VPN with Public IP Encryption Domain

Re-worded the original post, included topology diagram and included output of commands requested. Rename the attached .pdf file to .txt (why are .txt files not allowed to be uploaded?)

Any advice is greatly appreciated!

Regards,

Scott

Occasional Contributor
Posts: 5
Registered: ‎02-20-2017

Re: Brocade vRouter 5600 17.1.1 AWS VPN with Public IP Encryption Domain

Is anyone able to assist with this problem?

Thanks,

Scott
