Celso, You should be able to create new ACL lists and also change which one is applied to the Tier.
For the VPN return traffic you need to ensure that you have an ACL rule allowing the traffic. You could simply add an allow all rule for the CIDR of the remote network in the appropriate ACL List.

Regards

Geoff Higginbottom
CTO / Cloud Architect
D: +44 20 3603 0542 | S: +44 20 3603 0540 | M: +447968161581
geoff.higginbot...@shapeblue.com | www.shapeblue.com | Twitter: @cloudstackguru
ShapeBlue Ltd, 53 Chandos Place, Covent Garden, London, WC2N 4HS

On 3 Mar 2014, at 22:05, "motty cruz" <motty.c...@gmail.com> wrote:

Thanks for your reply Geoff,

in CS Network - VPC - vpc1 - Router - Network ACL Lists I see two: default_allow and default_deny. I am unable to change or remove these ACLs.

Thanks,
Celso

On Mon, Mar 3, 2014 at 1:45 PM, Geoff Higginbottom <geoff.higginbot...@shapeblue.com> wrote:

Do you have a default allow or default deny on the VPC Tier?

Regards
Geoff Higginbottom

On 3 Mar 2014, at 21:09, "motty cruz" <motty.c...@gmail.com> wrote:

Hi Geoff,

the CIDR of the remote network is 192.168.0.0/24

IKE policy : 3des-md5
ESP policy 3des-md5
IKE lifetime : 86400
ESP lifetime 3600
dead peer detection yes
state Error
Status: Resource[Site2SiteVpnConnection:31]is unreachable: Failed to apply site-to-site VPN

That is the error I'm getting. In /var/log/message :

Mar 3 20:59:23 r-171-VM cloud: ipsectunnel.sh: done ipsec tunnel entry for right peer=client_public_ip right networks=192.168.0.0/24
Mar 3 20:59:23 r-171-VM cloud: ipsectunnel.sh: checking connection status...
Mar 3 20:59:24 r-171-VM cloud: ipsectunnel.sh: checking connection status...
Mar 3 20:59:25 r-171-VM cloud: ipsectunnel.sh: checking connection status...
Mar 3 20:59:26 r-171-VM cloud: ipsectunnel.sh: checking connection status...
Mar 3 20:59:27 r-171-VM cloud: ipsectunnel.sh: checking connection status...
Mar 3 20:59:28 r-171-VM cloud: ipsectunnel.sh: fail to connect to remote, status code: 11
Mar 3 20:59:28 r-171-VM cloud: ipsectunnel.sh: would stop site-to-site VPN connection
Mar 3 20:59:28 r-171-VM cloud: ipsectunnel.sh: removing configuration for ipsec tunnel to client_public_ip

On Mon, Mar 3, 2014 at 12:27 PM, Geoff Higginbottom <geoff.higginbot...@shapeblue.com> wrote:

Motty,

What is the CIDR of the remote network?

Regards
Geoff Higginbottom

On 3 Mar 2014, at 18:17, "motty cruz" <motty.c...@gmail.com> wrote:

Hello All,

I'm having issues with a site-to-site VPN connection on Cloudstack Advance Network.

vpc-1 CIDR 10.99.0.0/16
vpc-tier-1 10.99.1.0/24

Customer gateway matches client settings. In the Virtual Router I see connections coming from the client IP but no route back. If I log in to the VR, I am able to ping the client's IP.

The outside firewall is not filtering outgoing traffic, and incoming traffic from the client's IP is allow all.

Any ideas or suggestions?

Thanks,
This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Shape Blue Ltd or related companies. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Shape Blue Ltd is a company incorporated in England & Wales. ShapeBlue Services India LLP is a company incorporated in India and is operated under license from Shape Blue Ltd. Shape Blue Brasil Consultoria Ltda is a company incorporated in Brasil and is operated under license from Shape Blue Ltd. ShapeBlue is a registered trademark.
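
An added example, not part of the original thread and not CloudStack code: a small Python triage script that groups the virtual router's ipsectunnel.sh syslog lines quoted in the thread into tunnel attempts, recording how many status polls ran, the failure status code and whether the tunnel configuration was removed. The names `Attempt` and `summarize` are hypothetical, and the message patterns are assumed from the lines quoted in this thread only.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Router log lines quoted in the thread, preceded by one constructed unrelated line.
SAMPLE_LOG = """\
Mar 3 20:59:22 r-171-VM cloud: constructed unrelated line
Mar 3 20:59:23 r-171-VM cloud: ipsectunnel.sh: done ipsec tunnel entry for right peer=client_public_ip right networks=192.168.0.0/24
Mar 3 20:59:23 r-171-VM cloud: ipsectunnel.sh: checking connection status...
Mar 3 20:59:24 r-171-VM cloud: ipsectunnel.sh: checking connection status...
Mar 3 20:59:25 r-171-VM cloud: ipsectunnel.sh: checking connection status...
Mar 3 20:59:26 r-171-VM cloud: ipsectunnel.sh: checking connection status...
Mar 3 20:59:27 r-171-VM cloud: ipsectunnel.sh: checking connection status...
Mar 3 20:59:28 r-171-VM cloud: ipsectunnel.sh: fail to connect to remote, status code: 11
Mar 3 20:59:28 r-171-VM cloud: ipsectunnel.sh: would stop site-to-site VPN connection
Mar 3 20:59:28 r-171-VM cloud: ipsectunnel.sh: removing configuration for ipsec tunnel to client_public_ip
"""

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8}) (?P<host>\S+) cloud: ipsectunnel\.sh: (?P<msg>.*)$")
ENTRY = re.compile(r"done ipsec tunnel entry for right peer=(\S+) right networks=(\S+)")
FAIL = re.compile(r"fail to connect to remote, status code: (\d+)")

@dataclass
class Attempt:
    host: str                           # virtual router that logged the attempt
    peer: str                           # remote gateway as written in the log
    networks: str                       # remote CIDR(s) configured for the tunnel
    started: str                        # timestamp of the tunnel entry line
    polls: int = 0                      # "checking connection status..." lines seen
    status_code: Optional[int] = None   # set only when a failure line is logged
    torn_down: bool = False             # router removed the tunnel configuration

def summarize(log_text):
    """Group ipsectunnel.sh lines into one Attempt per tunnel entry."""
    attempts, current = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                    # not an ipsectunnel.sh line
        msg = m["msg"]
        entry, fail = ENTRY.search(msg), FAIL.search(msg)
        if entry:
            current = Attempt(m["host"], entry[1], entry[2], m["ts"])
            attempts.append(current)
        elif current is None:
            continue                    # message outside any known attempt
        elif msg.startswith("checking connection status"):
            current.polls += 1
        elif fail:
            current.status_code = int(fail[1])
        elif msg.startswith("removing configuration for ipsec tunnel"):
            current.torn_down, current = True, None
    return attempts
```

Run over a full /var/log/messages from the router, an attempt with a non-empty `status_code` and `torn_down` set matches the "Failed to apply site-to-site VPN" state reported in the thread.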