I configured two S2S IPsec tunnels (policy-based). The LAN and IPsec interfaces each have an allow-all rule.
Both remote sites connect, and clients in the remote LANs successfully ping the firewall.
However, the firewall cannot ping any host or gateway at the remote sites. It seems like the tunnels are one-way only. I looked at the routing table and was surprised to see that the remote LANs (10.52.10.0/24, 10.62.10.0/24) are routed via the default gateway (172.31.1.1).
Any idea where I could have gone wrong?
FIREWALL: SETTINGS: ADVANCED -> Disable Force Gateway
VPN: IPSEC: ADVANCED SETTINGS -> Do not install routes
SYSTEM: GATEWAYS: SINGLE -> create a GW with the same IP address as your LAN interface
SYSTEM: ROUTES: CONFIGURATION -> add needed routes
cheers
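The symptom in the question is visible in the routing table: the two remote prefixes have the WAN default gateway (172.31.1.1) as next hop instead of the on-box gateway the steps above create. The script below is an added example, not code from the thread or from the firewall project; it parses FreeBSD-style `netstat -rn` output and flags each IPsec remote prefix as either still following the default gateway or pointing at the LAN interface address. Both tables are constructed samples, and the LAN address 192.168.1.1 and interface names vtnet0/vtnet1 are assumptions, since the thread does not give them.

```shell
#!/bin/sh
# Constructed sample of an IPv4 routing table (FreeBSD `netstat -rn` layout)
# showing the thread's symptom: both remote LANs follow the WAN default gateway.
BEFORE_TABLE='Destination        Gateway            Flags     Netif Expire
default            172.31.1.1         UGS         vtnet0
10.52.10.0/24      172.31.1.1         UGS         vtnet0
10.62.10.0/24      172.31.1.1         UGS         vtnet0
172.31.1.0/24      link#1             U           vtnet0
192.168.1.0/24     link#2             U           vtnet1'

# Constructed sample after the steps above: static routes via a gateway whose
# address is the LAN interface IP (192.168.1.1 is an assumption).
AFTER_TABLE='Destination        Gateway            Flags     Netif Expire
default            172.31.1.1         UGS         vtnet0
10.52.10.0/24      192.168.1.1        UGS         vtnet1
10.62.10.0/24      192.168.1.1        UGS         vtnet1
172.31.1.0/24      link#1             U           vtnet0
192.168.1.0/24     link#2             U           vtnet1'

# default_gw TABLE -> prints the next hop of the default route
default_gw() {
    printf '%s\n' "$1" | awk '$1 == "default" { print $2; exit }'
}

# route_gw TABLE PREFIX -> prints the next hop of an exact-prefix route, or nothing
route_gw() {
    printf '%s\n' "$1" | awk -v p="$2" '$1 == p { print $2; exit }'
}

# classify_route TABLE PREFIX LAN_IP -> one of:
#   missing      no route for the prefix at all
#   via_default  prefix follows the WAN default gateway (the thread's symptom)
#   via_lan_ip   prefix points at the LAN interface address (the fix above)
#   via_other    some other next hop
classify_route() {
    table=$1; prefix=$2; lan_ip=$3
    gw=$(route_gw "$table" "$prefix")
    dgw=$(default_gw "$table")
    if [ -z "$gw" ]; then echo missing
    elif [ "$gw" = "$dgw" ]; then echo via_default
    elif [ "$gw" = "$lan_ip" ]; then echo via_lan_ip
    else echo via_other
    fi
}

# check_table TABLE LAN_IP PREFIX... -> one line per prefix; returns non-zero
# if any prefix is missing or still follows the default gateway
check_table() {
    table=$1; lan_ip=$2; shift 2
    rc=0
    for prefix in "$@"; do
        state=$(classify_route "$table" "$prefix" "$lan_ip")
        case $state in
            via_lan_ip) echo "OK   $prefix -> $(route_gw "$table" "$prefix")" ;;
            *)          echo "BAD  $prefix -> $state"; rc=1 ;;
        esac
    done
    return $rc
}

# On a live box: check_table "$(netstat -rn -f inet)" <lan-ip> 10.52.10.0/24 10.62.10.0/24
echo "== before fix =="
check_table "$BEFORE_TABLE" 192.168.1.1 10.52.10.0/24 10.62.10.0/24 || true
echo "== after fix =="
check_table "$AFTER_TABLE" 192.168.1.1 10.52.10.0/24 10.62.10.0/24
```

Run it against the live table with `netstat -rn -f inet` after each of the four steps; the check turns from BAD to OK only once the static routes point at the gateway carrying the LAN address rather than at 172.31.1.1.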
Thanks for your input, but if I do this I cannot route between the remote networks...
My tunnels are set up this way, and the clients can reach the remote networks, as well as the firewalls...
And do you have routed IPsec or policy-based?
Policy-based.
No dice. The firewall just does not route the packets through to the other LAN. Your setup just leads to TTL exceeded in transit for me...
Solved it with the help of this post:
https://administrator.de/contentid/539060#comment-1421754