Problems creating L3 VPN with virtual VPN Gateway and BR200

  • Updated 2 years ago
Phase 1 of L3 VPN will not establish. I'm working with 3rd level support, but they are a bit stumped and think it is my corporate firewall. We're not seeing any dropped packets, though, except that the VPN gateway is trying to ping the firewall and those are being dropped as we don't allow that. Looking at the firewall, all we see are IKE events and not NAT (4500). Doing a show IKE Events from my BR shows in the log the following: Phase 1 started (port 500), Peer not responding (port 4500), Phase 1 deleted (port 4500) and it repeats over. Any ideas on what to look for? Something odd that I have noticed, but maybe not related, is that when I push out policy to the VPN, it takes 5 to 10 minutes to do that, whereas if I push it to the BR, it's very quick. Also, in HMOL, I'm never able to open an ssh client to the VPN. It times out. One more thing to take note of is that we set the VPN up as 1 armed.
Thanks for the help!
Michael
mdparker04

Posted 3 years ago

Knarf

Hey,

From the information that you have provided, it sounds like one of two things. Either your firewall on either side is blocking UDP 500 and 4500, or there are no port forwarding rules in place for the CVG or BR. Do you have port forwarding rules in place?