I stumbled across this last night on the SSG140 that everyone connects back to.
10.1.1.4/30 | tun.1 | 0.0.0.0 | C | 0 | 0
10.1.1.5/32 | tun.1 | 0.0.0.0 | H | 0 | 0
192.168.2.0/24 | tun.1 | 0.0.0.0 | S | 20 | 1
I noticed that in all of the sites that I am having problems in, it was missing the third route for the local subnet.
I went back and added those using the CLI "set route 192.168.xxx.0/24 interface tun.X" and that seemed to correct most of the connectivity. Of course, since over time different people have configured things, I am seeing inconsistencies.
Most of the tunnels show 0.0.0.0 for the gateway on this route. But I have a few that are configured like this:
10.1.1.56/30 | tun.14 | 0.0.0.0 | C | 0 | 0
10.1.1.57/32 | tun.14 | 0.0.0.0 | H | 0 | 0
192.168.15.0/24 | tun.14 | 10.1.1.58 | S | 20 | 1
I am not sure which is the correct method to try and standardize our tunnels; I really do not want to go through this process again. Ever. 😃
Thank you for your posts and information. If you have a moment and can weigh in on these last questions....
1. Which method is correct for the Gateway as shown above?
2. Another inconsistency I saw was that the local subnet was on the SSG140, but in its own tunnel separate from the pair. Is that because they are un-numbered interfaces?
3. Why can't people build things with consistency!?!?! 😃
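
The manual check described in the post, written as a small audit script. This is an added example and not part of the original post. It assumes route rows in the pipe-separated form quoted above (prefix, interface, gateway, flag, then two numeric columns) and treats the `S` flag as the static route for the remote subnet; the `tun.9` rows are constructed to show a tunnel with that route missing.

```python
from collections import defaultdict

# Constructed sample: tun.1 and tun.14 rows from the post, plus a
# hypothetical tun.9 that lacks the static route for its remote subnet.
SAMPLE = """\
10.1.1.4/30 | tun.1 | 0.0.0.0 | C | 0 | 0
10.1.1.5/32 | tun.1 | 0.0.0.0 | H | 0 | 0
192.168.2.0/24 | tun.1 | 0.0.0.0 | S | 20 | 1
10.1.1.56/30 | tun.14 | 0.0.0.0 | C | 0 | 0
10.1.1.57/32 | tun.14 | 0.0.0.0 | H | 0 | 0
192.168.15.0/24 | tun.14 | 10.1.1.58 | S | 20 | 1
10.1.1.32/30 | tun.9 | 0.0.0.0 | C | 0 | 0
10.1.1.33/32 | tun.9 | 0.0.0.0 | H | 0 | 0
"""


def parse_routes(text):
    """Return one dict per tunnel route row; skip anything else."""
    routes = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) < 6 or not cells[1].startswith("tun."):
            continue
        prefix, iface, gateway, flag = cells[:4]
        routes.append({"prefix": prefix, "iface": iface,
                       "gateway": gateway, "flag": flag})
    return routes


def audit(routes):
    """Find tunnels with no static route and record each static route's gateway style."""
    by_tunnel = defaultdict(list)
    for route in routes:
        by_tunnel[route["iface"]].append(route)

    missing_static, gateway_style = [], {}
    for iface, rows in by_tunnel.items():
        statics = [r for r in rows if r["flag"] == "S"]
        if not statics:
            missing_static.append(iface)
        for r in statics:
            # 0.0.0.0 means the route points at the tunnel interface only.
            gateway_style[r["prefix"]] = (
                "interface-only" if r["gateway"] == "0.0.0.0"
                else "next-hop " + r["gateway"])
    return sorted(missing_static), gateway_style


if __name__ == "__main__":
    missing, styles = audit(parse_routes(SAMPLE))
    print("tunnels missing a static route:", missing)
    for prefix, style in styles.items():
        print(prefix, "->", style)
```

The script only reports which tunnels lack the static route and which gateway style each existing route uses; it does not decide which style is the correct one.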