You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cloudstack.apache.org by Yesid Mora <ym...@o4it.com> on 2016/01/19 17:44:56 UTC

CloudStack - Virtual Router

Hello guys,

I’m having a problem with a IPSEC vpn between a Cisco and my Virtual router, cause in order to start the traffic on the tunnel the Cisco side needs to send traffic first to my site and then I can ping the Cisco site,

Something like this.

Virtual router site IP 10.10.20.0/24

Cisco site IP 10.10.30.0/24

So the tunnel is up but in order to pass traffic first the cisco site needs to send a ping to my site after that the tunnel works just perfect.

Thanks.




Cordialmente / Best regards,





Yesid Mora | Orchestration Engineer | O4IT


PBX:+57 (1) 423-5460  Ext  251  | Cel: 3124509565


Cr. 7 #74-56 | Oficina 202 | Bogotá, Colombia


www.o4it.com<http://www.o4it.com> | ymora@o4it.com<ma...@o4it.com>





[http://www.o4it.com]<http://www.o4it.com>[http://www.linkedin.com/company/1207504]<http://www.linkedin.com/company/1207504>[https://twitter.com/o4it]<https://twitter.com/o4it>[https://www.facebook.com/o4itofficial]<https://www.facebook.com/o4itofficial>[https://www.youtube.com/user/o4itofficial]<https://www.youtube.com/user/o4itofficial>




CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential or proprietary information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, immediately contact the sender by reply e-mail and destroy all copies of the original message.

RE: CloudStack - Virtual Router

Posted by Yesid Mora <ym...@o4it.com>.
Hey, thanks for your comments.

Yeah I understand but the question is can the Vrouter establish the connection or do I need that the other side sends traffic to stablish the tunnel.

thanks



Cordialmente,

Yesid Mora | Orchestration Engineer | O4IT
PBX: 251 Ext +57 (1) 423-5460 | Cel: 3124509565
Cr. 7 #74-56 | Oficina 202 | Bogotá, Colombia
http://www.o4it.com | mailto:ymora@o4it.com



-----Original Message-----
From: Simon Weller [mailto:sweller@ena.com]
Sent: Wednesday, January 20, 2016 8:42 AM
To: users@cloudstack.apache.org
Subject: Re: CloudStack - Virtual Router

Have you got a box at the other end where you could place a ping script in cron and time it for every minute to ping across the tunnel?


________________________________________
From: Yesid Mora <ym...@o4it.com>
Sent: Tuesday, January 19, 2016 2:13 PM
To: users@cloudstack.apache.org
Subject: RE: CloudStack - Virtual Router

Sorry , the problem that we are having it's that in order to establish the vpn tunnel between the networks the cisco side needs to send traffic to the private IP behind the VR. Cause the VPN is up but traffic it's not passing till the cisco side send the first packet.

I believe that the keep-alive on cisco side it's just for the VPN to establish not for the Phase II network traffic to pass.

Thanks.



Cordialmente,

Yesid Mora | Orchestration Engineer | O4IT
PBX: 251 Ext +57 (1) 423-5460 | Cel: 3124509565 Cr. 7 #74-56 | Oficina 202 | Bogotá, Colombia http://www.o4it.com | mailto:ymora@o4it.com



-----Original Message-----
From: Simon Weller [mailto:sweller@ena.com]
Sent: Tuesday, January 19, 2016 12:01 PM
To: users@cloudstack.apache.org
Subject: Re: CloudStack - Virtual Router

You could set a periodic keep-alive on the cisco side.


Try something like this:

crypro isakmp keepalive 10 5 periodic

- Si


________________________________
From: Yesid Mora <ym...@o4it.com>
Sent: Tuesday, January 19, 2016 10:44 AM
To: users@cloudstack.apache.org
Subject: CloudStack - Virtual Router


Hello guys,



I'm having a problem with a IPSEC vpn between a Cisco and my Virtual router, cause in order to start the traffic on the tunnel the Cisco side needs to send traffic first to my site and then I can ping the Cisco site,



Something like this.



Virtual router site IP 10.10.20.0/24



Cisco site IP 10.10.30.0/24



So the tunnel is up but in order to pass traffic first the cisco site needs to send a ping to my site after that the tunnel works just perfect.



Thanks.





Cordialmente / Best regards,





Yesid Mora | Orchestration Engineer | O4IT


PBX:+57 (1) 423-5460  Ext  251  | Cel: 3124509565


Cr. 7 #74-56 | Oficina 202 | Bogotá, Colombia


www.o4it.com<http://www.o4it.com>

[http://o4it.com/wp-content/uploads/featured-slider-1.jpg]<http://www.o4it.com/>

O4IT - THE CLOUD ENABLER<http://www.o4it.com/> www.o4it.com We are a leading provider of Cloud Technologies, focused on providing the technology and best practices to enable channel partners and resellers to quickly deliver ...


 | ymora@o4it.com<ma...@o4it.com>





[http://www.o4it.com]<http://www.o4it.com>[http://www.linkedin.com/company/1207504]<http://www.linkedin.com/company/1207504>[https://twitter.com/o4it]<https://twitter.com/o4it>[https://www.facebook.com/o4itofficial]<https://www.facebook.com/o4itofficial>[https://www.youtube.com/user/o4itofficial]<https://www.youtube.com/user/o4itofficial>




CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential or proprietary information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, immediately contact the sender by reply e-mail and destroy all copies of the original message.

Re: CloudStack - Virtual Router

Posted by Simon Weller <sw...@ena.com>.
Have you got a box at the other end where you could place a ping script in cron and time it for every minute to ping across the tunnel?


________________________________________
From: Yesid Mora <ym...@o4it.com>
Sent: Tuesday, January 19, 2016 2:13 PM
To: users@cloudstack.apache.org
Subject: RE: CloudStack - Virtual Router

Sorry , the problem that we are having it's that in order to establish the vpn tunnel between the networks the cisco side needs to send traffic to the private IP behind the VR. Cause the VPN is up but traffic it's not passing till the cisco side send the first packet.

I believe that the keep-alive on cisco side it's just for the VPN to establish not for the Phase II network traffic to pass.

Thanks.



Cordialmente,

Yesid Mora | Orchestration Engineer | O4IT
PBX: 251 Ext +57 (1) 423-5460 | Cel: 3124509565
Cr. 7 #74-56 | Oficina 202 | Bogotá, Colombia
http://www.o4it.com | mailto:ymora@o4it.com



-----Original Message-----
From: Simon Weller [mailto:sweller@ena.com]
Sent: Tuesday, January 19, 2016 12:01 PM
To: users@cloudstack.apache.org
Subject: Re: CloudStack - Virtual Router

You could set a periodic keep-alive on the cisco side.


Try something like this:

crypro isakmp keepalive 10 5 periodic

- Si


________________________________
From: Yesid Mora <ym...@o4it.com>
Sent: Tuesday, January 19, 2016 10:44 AM
To: users@cloudstack.apache.org
Subject: CloudStack - Virtual Router


Hello guys,



I'm having a problem with a IPSEC vpn between a Cisco and my Virtual router, cause in order to start the traffic on the tunnel the Cisco side needs to send traffic first to my site and then I can ping the Cisco site,



Something like this.



Virtual router site IP 10.10.20.0/24



Cisco site IP 10.10.30.0/24



So the tunnel is up but in order to pass traffic first the cisco site needs to send a ping to my site after that the tunnel works just perfect.



Thanks.





Cordialmente / Best regards,





Yesid Mora | Orchestration Engineer | O4IT


PBX:+57 (1) 423-5460  Ext  251  | Cel: 3124509565


Cr. 7 #74-56 | Oficina 202 | Bogotá, Colombia


www.o4it.com<http://www.o4it.com>

[http://o4it.com/wp-content/uploads/featured-slider-1.jpg]<http://www.o4it.com/>

O4IT - THE CLOUD ENABLER<http://www.o4it.com/> www.o4it.com We are a leading provider of Cloud Technologies, focused on providing the technology and best practices to enable channel partners and resellers to quickly deliver ...


 | ymora@o4it.com<ma...@o4it.com>





[http://www.o4it.com]<http://www.o4it.com>[http://www.linkedin.com/company/1207504]<http://www.linkedin.com/company/1207504>[https://twitter.com/o4it]<https://twitter.com/o4it>[https://www.facebook.com/o4itofficial]<https://www.facebook.com/o4itofficial>[https://www.youtube.com/user/o4itofficial]<https://www.youtube.com/user/o4itofficial>




CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential or proprietary information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, immediately contact the sender by reply e-mail and destroy all copies of the original message.

RE: CloudStack - Virtual Router

Posted by Yesid Mora <ym...@o4it.com>.
Sorry , the problem that we are having it's that in order to establish the vpn tunnel between the networks the cisco side needs to send traffic to the private IP behind the VR. Cause the VPN is up but traffic it's not passing till the cisco side send the first packet.

I believe that the keep-alive on cisco side it's just for the VPN to establish not for the Phase II network traffic to pass.

Thanks.



Cordialmente,

Yesid Mora | Orchestration Engineer | O4IT
PBX: 251 Ext +57 (1) 423-5460 | Cel: 3124509565
Cr. 7 #74-56 | Oficina 202 | Bogotá, Colombia
http://www.o4it.com | mailto:ymora@o4it.com



-----Original Message-----
From: Simon Weller [mailto:sweller@ena.com]
Sent: Tuesday, January 19, 2016 12:01 PM
To: users@cloudstack.apache.org
Subject: Re: CloudStack - Virtual Router

You could set a periodic keep-alive on the cisco side.


Try something like this:

crypro isakmp keepalive 10 5 periodic

- Si


________________________________
From: Yesid Mora <ym...@o4it.com>
Sent: Tuesday, January 19, 2016 10:44 AM
To: users@cloudstack.apache.org
Subject: CloudStack - Virtual Router


Hello guys,



I'm having a problem with a IPSEC vpn between a Cisco and my Virtual router, cause in order to start the traffic on the tunnel the Cisco side needs to send traffic first to my site and then I can ping the Cisco site,



Something like this.



Virtual router site IP 10.10.20.0/24



Cisco site IP 10.10.30.0/24



So the tunnel is up but in order to pass traffic first the cisco site needs to send a ping to my site after that the tunnel works just perfect.



Thanks.





Cordialmente / Best regards,





Yesid Mora | Orchestration Engineer | O4IT


PBX:+57 (1) 423-5460  Ext  251  | Cel: 3124509565


Cr. 7 #74-56 | Oficina 202 | Bogotá, Colombia


www.o4it.com<http://www.o4it.com>

[http://o4it.com/wp-content/uploads/featured-slider-1.jpg]<http://www.o4it.com/>

O4IT - THE CLOUD ENABLER<http://www.o4it.com/> www.o4it.com We are a leading provider of Cloud Technologies, focused on providing the technology and best practices to enable channel partners and resellers to quickly deliver ...


 | ymora@o4it.com<ma...@o4it.com>





[http://www.o4it.com]<http://www.o4it.com>[http://www.linkedin.com/company/1207504]<http://www.linkedin.com/company/1207504>[https://twitter.com/o4it]<https://twitter.com/o4it>[https://www.facebook.com/o4itofficial]<https://www.facebook.com/o4itofficial>[https://www.youtube.com/user/o4itofficial]<https://www.youtube.com/user/o4itofficial>




CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential or proprietary information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, immediately contact the sender by reply e-mail and destroy all copies of the original message.

Re: CloudStack - Virtual Router

Posted by Simon Weller <sw...@ena.com>.
You could set a periodic keep-alive on the cisco side.


Try something like this:

crypro isakmp keepalive 10 5 periodic

- Si


________________________________
From: Yesid Mora <ym...@o4it.com>
Sent: Tuesday, January 19, 2016 10:44 AM
To: users@cloudstack.apache.org
Subject: CloudStack - Virtual Router


Hello guys,



I'm having a problem with a IPSEC vpn between a Cisco and my Virtual router, cause in order to start the traffic on the tunnel the Cisco side needs to send traffic first to my site and then I can ping the Cisco site,



Something like this.



Virtual router site IP 10.10.20.0/24



Cisco site IP 10.10.30.0/24



So the tunnel is up but in order to pass traffic first the cisco site needs to send a ping to my site after that the tunnel works just perfect.



Thanks.





Cordialmente / Best regards,





Yesid Mora | Orchestration Engineer | O4IT


PBX:+57 (1) 423-5460  Ext  251  | Cel: 3124509565


Cr. 7 #74-56 | Oficina 202 | Bogotá, Colombia


www.o4it.com<http://www.o4it.com>

[http://o4it.com/wp-content/uploads/featured-slider-1.jpg]<http://www.o4it.com/>

O4IT - THE CLOUD ENABLER<http://www.o4it.com/>
www.o4it.com
We are a leading provider of Cloud Technologies, focused on providing the technology and best practices to enable channel partners and resellers to quickly deliver ...


 | ymora@o4it.com<ma...@o4it.com>





[http://www.o4it.com]<http://www.o4it.com>[http://www.linkedin.com/company/1207504]<http://www.linkedin.com/company/1207504>[https://twitter.com/o4it]<https://twitter.com/o4it>[https://www.facebook.com/o4itofficial]<https://www.facebook.com/o4itofficial>[https://www.youtube.com/user/o4itofficial]<https://www.youtube.com/user/o4itofficial>




CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential or proprietary information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, immediately contact the sender by reply e-mail and destroy all copies of the original message.