Hello All,
For a route-based VPN, does the remote-end firewall need to have ping connectivity to a local device for a VPN to establish?
Device-A-->Switch-A--> FW-A ---> Internet---> FW-B -->Switch-B XX ---Device-B
For example, prior to a VPN being established let's say two route-based VPN firewalls are attempting to connect via a Site-to-Site VPN across the internet. Device-A initiates the interesting traffic towards Device-B, but Device-B is not accessible via the Site-B (right side). Traffic egresses FW-A but the VPN does not establish. Is the cause for the VPN not establishing between the two route-based VPN firewalls because Device-B is not actually online or is it still an issue with the VPN configuration settings?
I understand the concept between IKE-phase-1 and IPsec-phase-2, but wasn't sure if the concept of policy-based VPNs was any different from route-based VPNs in terms of establishing the VPNs.
P.S. Be nice!
TYIA