Just a quick update also as I forget, but yes there is a config issue somewhere. Traceroute from 172.16.1.65 to 10.10.10.226 didn't even go to the 172.16.1.1 vrouter:

root@VM-:/home# traceroute 10.10.10.226
traceroute to 10.10.10.226 (10.10.10.226), 30 hops max, 60 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
route -n:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.16.1.1      0.0.0.0         UG    0      0        0 ens
172.16.1.0      0.0.0.0         255.255.255.0   U     0      0        0 ens

On Tue, Jul 18, 2023 at 12:21, Prod42 Prod <prod...@gmail.com> wrote:
> Hello,
>
> I've built the following configuration:
> ****
> VPC 1 --> 1 VPC Subnet (10.0.0.0/8), Two VPC Tiers Subnet (10.10.10.0/24, 10.10.20.0/24), 1 VM in each VPC Tiers subnet
>
> VPC 2 --> 1 VPC Tiers subnet (172.16.0.0/16), One tiers subnet (172.16.1.0/24)
>
> VPC 1 & VPC 2 --> ACL Default Allow
> ****
> VPC 1 -->
> VM 1 -->
> Public IP : Pub_IP_1 static NAT
> Private IP : 10.10.10.243, default GW : 10.10.10.1
> SSH from Public IP to the VM OK, ping internet google IP and Internet DNS URL : OK
>
> VM 2 -->
> Public IP : Pub_IP_2 static NAT
> Private IP : 10.10.10.226, default GW : 10.10.10.1
> SSH from Public IP to the VM OK, ping internet google IP and Internet DNS URL : OK
>
> Ping VM 1 to VM2 --> ICMP echo & reply OK
> ****
>
> I've tried to build a VPC to VPC IPSEC as I do not have root admin rights for private gateway.
> ****
> VPC 1 VPN Gateway --> OK 1 public IP --> source nat type (automatically configured by the vpn gateway)
>
> VPC 2 VPC Gateway --> OK 1 public IP --> source nat type (automatically configured by the vpn gateway)
> ****
> ****
> VPC 2 -->
> VM 1 -->
> Public IP : Pub_IP_3 static NAT (I've also tried to disable static NAT and add forwarding rules)
> Private IP : 172.16.1.65, default GW : 172.16.1.1
> SSH from Public IP to the VM OK, ping internet google IP and Internet DNS URL : OK (in both static nat enable and disable with forward rules activated to port 22)
> ****
> VPC 1 --> VPN Gateway setup, public IP_IP_4 automatically allocated by ACS with Source NAT
> VPC 2 --> VPN Gateway setup, public IP_IP_5 automatically allocated by ACS with Source NAT
> ****
> VPN Gateway configuration :
> VPN_customer_gateway_1 --> Public_IP_5, CIDR : 172.16.1.0/24, IPSEC preshared key xxx, ike policy : aes128-sha1;modp1536, ESP Policy : aes128-sha1, dpd : false, split connection : false, standard lifetime parameters
> VPN_customer_gateway_2 --> Public_IP_4, CIDR : 10.10.10.0/24,10.10.20.0/24, IPSEC preshared key xxx, ike policy : aes128-sha1;modp1536, ESP Policy : aes128-sha1, dpd : false, split connection : false, standard lifetime parameters
> ****
> VPN Connection :
> VPC 1 :
> IP Address : public IP_IP_4
> State : Connected
> Gateway : public IP_IP_5
>
> VPC 2 :
> IP Address : public IP_IP_5
> State : Connected
> Gateway : public IP_IP_4
> ****
> When I try to ping from VPC 1/VM1 to VPC 2/VM1, it doesn't work; traceroute as follows is blocked on vrouter VPC 2.
> See here:
> 1 r-xxx-vm.acs (10.10.10.1) 0.655 ms 0.512 ms 0.408 ms
> 2 172.16.1.1 (172.16.1.1) 1.489 ms * *
> 3 * * *
> 4 * * *
>
> I've tried to tcpdump icmp on 172.16.1.65 but don't get any icmp echo request coming from VPC1/VM1.
> I've also tried to ssh from VPC1/VM1 to VPC2/VM1 and tcpdump the request; no connection arrives on VPC2/VM1.
>
> Do you see what I'm missing here or any misconfiguration?
>
> Thanks.
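Added here as a worked example, not code from the thread: a small Python route-table check that parses the `route -n` output quoted above and applies the kernel's longest-prefix match, to confirm where VM 172.16.1.65 hands a packet for 10.10.10.226 and whether any route narrower than the default covers the remote tier 10.10.10.0/24. The sample output is constructed from the post (the interface name is truncated to "ens" exactly as there); the function names are my own.

```python
import ipaddress

# Constructed sample: the `route -n` table quoted in the thread for VM 172.16.1.65.
ROUTE_N_OUTPUT = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.16.1.1      0.0.0.0         UG    0      0        0 ens
172.16.1.0      0.0.0.0         255.255.255.0   U     0      0        0 ens
"""


def parse_route_n(text):
    """Parse `route -n` lines into (network, gateway-or-None, flags, iface) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the 'Kernel IP routing table' banner (if present) and the header row.
        if len(fields) < 8 or fields[0] == "Destination":
            continue
        dest, gw, mask, flags, iface = fields[0], fields[1], fields[2], fields[3], fields[7]
        net = ipaddress.IPv4Network(f"{dest}/{mask}", strict=False)
        # The G flag marks a gateway route; without it the destination is on-link.
        routes.append((net, gw if "G" in flags else None, flags, iface))
    return routes


def lookup(routes, dst):
    """Longest-prefix match over the parsed table (metric is ignored in this sample)."""
    ip = ipaddress.IPv4Address(dst)
    candidates = [r for r in routes if ip in r[0]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r[0].prefixlen)


def next_hop(routes, dst):
    """Gateway the VM forwards `dst` to, 'on-link' if directly connected, None if unroutable."""
    r = lookup(routes, dst)
    if r is None:
        return None
    return r[1] if r[1] else "on-link"


def has_specific_route(routes, cidr):
    """True if some route narrower than the default (prefix > 0) covers the whole `cidr`."""
    target = ipaddress.IPv4Network(cidr)
    return any(r[0].prefixlen > 0 and r[0].supernet_of(target) for r in routes)


if __name__ == "__main__":
    table = parse_route_n(ROUTE_N_OUTPUT)
    print("10.10.10.226 via", next_hop(table, "10.10.10.226"))
    print("specific route for 10.10.10.0/24:", has_specific_route(table, "10.10.10.0/24"))
```

For the quoted table the only match for 10.10.10.226 is the default route, so the VM itself forwards to 172.16.1.1 and the empty first hop has to be explained on the vrouter or VPN side rather than by the VM's routing table.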