Hello Everyone,
I am trying to extend a private DMZ to a DR site through IPsec and EoIP. I got the VPN tunnel up and running in transport mode, and also added an EoIP interface whose remote side is the public IP of the IPsec tunnel. I set up a bridge with the relevant interfaces in it, but the server in PUB_DMZ can’t reach DR on the same subnet 10.10.110.0/24.
Any help or suggestions would be appreciated. Thank you in advance.
[admin@test] /interface bridge> port print
Flags: X - disabled, I - inactive, D - dynamic
# INTERFACE BRIDGE PRIORITY PATH-COST HORIZON
0 netlab_dmz_ext br_dmz_ext 0x80 10 none
1 netlab-eoip br_dmz_ext 0x80 10 none
[admin@test] /interface bridge> /interface eoip
[admin@test] /interface eoip> print
Flags: X - disabled, R - running
0 R name="netlab-eoip" mtu=1500 l2mtu=65535 mac-address=02:34:4F:B8:29:AB arp=enabled local-address=0.0.0.0
remote-address=1.1.1.1 tunnel-id=25
[admin@test] /ip ipsec installed-sa> print
Flags: A - AH, E - ESP, P - pfs
0 E spi=0x15C925 src-address=2.2.2.2 dst-address=1.1.1.1 auth-algorithm=sha1 enc-algorithm=3des replay=4
state=mature auth-key="XXXXXXXXXXXXXXXXXXXXX"
enc-key="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" addtime=nov/19/2013 21:29:19 expires-in=21m
add-lifetime=24m/30m current-bytes=2649
1 E spi=0x88DFB17 src-address=2.2.2.2 dst-address=1.1.1.1 auth-algorithm=sha1 enc-algorithm=3des replay=4
state=mature auth-key="XXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
enc-key="XXXXXXXXXXXXXXXXXXXXXXXXXXXXX" addtime=nov/19/2013 21:29:19 expires-in=21m
add-lifetime=24m/30m current-bytes=4449
[root@test ~]# ping 10.10.110.1
PING 10.10.110.1 (10.10.110.1) 56(84) bytes of data.
From 10.10.110.2 icmp_seq=2 Destination Host Unreachable
From 10.10.110.2 icmp_seq=3 Destination Host Unreachable
From 10.10.110.2 icmp_seq=4 Destination Host Unreachable