Monday, April 19, 2021

IPsec ESP packets for specific src/dst packet blocked by ISP?

Hello Guys,

I ran into an issue where the tunnel destination is not receiving the ESP packet. Just to share with you, I encountered an issue where all of our IPsec tunnels went down, and this is due to no decaps, or no received ESP packets. After shutting down the interface multiple times, we were able to restore most of the tunnels, but there is still one IPsec tunnel that is failing.

Now, I want to know if my direction is correct, since I requested a check on the ISP side because I'm able to see from the packet capture that the router is sending the ESP packet out to the tunnel destination address.

We already checked the device status and no issue was seen. So I would like to ask if there is a possibility that the ISP drops ESP packets for a specific src/dst IP? I have analyzed the path, but there is not much difference when traversing the ISP network. Please let me know your input about this. Thanks
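An added example, not part of the original post: one way to turn the packet-capture check described above into a per-peer result is to tally ESP packets by src/dst pair and list the peers that receive ESP from the router but never send any back. It assumes the capture was exported as tcpdump text with native ESP (IP protocol 50, not NAT-T in UDP/4500); the addresses, SPIs and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in tcpdump text format (documentation addresses, not from the post).
SAMPLE_CAPTURE = """\
10:00:01.000001 IP 192.0.2.10 > 198.51.100.20: ESP(spi=0x0a1b2c3d,seq=0x11), length 132
10:00:01.000950 IP 198.51.100.20 > 192.0.2.10: ESP(spi=0x4d3c2b1a,seq=0x9), length 132
10:00:02.000002 IP 192.0.2.10 > 203.0.113.30: ESP(spi=0x55667788,seq=0x21), length 132
10:00:03.000003 IP 192.0.2.10 > 203.0.113.30: ESP(spi=0x55667788,seq=0x22), length 132
10:00:03.500000 IP 192.0.2.10.4500 > 203.0.113.30.4500: UDP, length 64
"""

# Matches only native ESP lines; anything else (UDP, ICMP, ...) is ignored.
ESP_LINE = re.compile(
    r"IP (\S+) > (\S+?): ESP\(spi=0x([0-9a-fA-F]+),seq=0x([0-9a-fA-F]+)\)"
)


def esp_flows(capture_text):
    """Count ESP packets per (source, destination) address pair."""
    flows = Counter()
    for line in capture_text.splitlines():
        match = ESP_LINE.search(line)
        if match:
            flows[(match.group(1), match.group(2))] += 1
    return flows


def one_way_peers(capture_text, local_ip):
    """Return (peer, packets_sent) for peers that never answer with ESP."""
    flows = esp_flows(capture_text)
    silent = []
    for (src, dst), sent in sorted(flows.items()):
        # Outbound ESP exists, but the reverse direction has zero packets.
        if src == local_ip and flows.get((dst, src), 0) == 0:
            silent.append((dst, sent))
    return silent


if __name__ == "__main__":
    for peer, sent in one_way_peers(SAMPLE_CAPTURE, "192.0.2.10"):
        print(f"{peer}: {sent} ESP packets sent, 0 received")
```

A capture taken on the sending router only shows that ESP left that interface; running the same tally on a capture from the remote tunnel endpoint shows whether those packets arrived or were lost somewhere along the path.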


