I have set up "accept" rules before masq rules and bypass fasttrack rules too on both sides....
I have 2 tunnels; the problem is with RTR3 (.19).
From RTR1
[admin@RTR1] /ip ipsec> active-peers print
Flags: R - responder, N - natt-peer
# ID STATE UPTIME PH2-TOTAL REMOTE-ADDRESS
0 established 18h40m43s 1 xxx.xxx.xxx.19
1 R established 18h10m3s 2 xxx.xxx.xxx.35
[admin@RTR1] > ping 192.168.3.100 interface=ether2
SEQ HOST SIZE TTL TIME STATUS
0 192.168.3.100 timeout
1 192.168.3.100 timeout
sent=2 received=0 packet-loss=100%
[admin@RTR3] > ping 192.168.1.100 interface=ether2
SEQ HOST SIZE TTL TIME STATUS
0 192.168.1.100 56 64 2ms
1 192.168.1.100 56 64 1ms
sent=2 received=2 packet-loss=0% min-rtt=1ms avg-rtt=1ms max-rtt=2ms
[admin@RTR1] > ping 192.168.3.100 interface=ether2
SEQ HOST SIZE TTL TIME STATUS
0 192.168.3.100 timeout
1 192.168.3.100 timeout
2 192.168.3.100 timeout
3 192.168.3.100 timeout
4 192.168.3.100 timeout
5 192.168.3.100 timeout
6 192.168.3.100 timeout
7 192.168.3.100 timeout
8 192.168.3.100 timeout
9 192.168.3.100 timeout
10 192.168.3.100 timeout
11 192.168.3.100 timeout
12 192.168.3.100 timeout
13 192.168.3.100 timeout
14 192.168.3.100 timeout
15 192.168.3.100 56 64 1ms
16 192.168.3.100 56 64 1ms
17 192.168.3.100 56 64 1ms
18 192.168.3.100 56 64 1ms
19 192.168.3.100 56 64 1ms
sent=20 received=5 packet-loss=75% min-rtt=1ms avg-rtt=1ms max-rtt=1ms