Hi Colin,
I have checked the ip route output, and only the local controller has an ip route to "default-local-master-ipsec" listed, while on the master controller no ip route is defined using ipsec.
The master has a static public IP address, while the local has a dynamic address.
On the local, I have set a static route to the master-local-subnet through IPSEC and it connected, but not the other way around.
On the master, do I have to define the local controller using its public IP?
Here is the output of both controllers regarding IPSEC-MAP.
(MASTER) #show crypto-local ipsec-map
Crypto Map Template"default-local-master-ipsecmap" 9999
IKE Version: 1
IKEv1 Policy: All
Security association lifetime seconds : [300 -86400]
Security association lifetime kilobytes: N/A
PFS (Y/N): N
Transform sets={ default-ml-transform }
Peer gateway: 0.0.0.0
Interface: VLAN 0
Source network: 0.0.0.0/0.0.0.0
Destination network: 0.0.0.0/0.0.0.0
Pre-Connect (Y/N): N
Tunnel Trusted (Y/N): Y
Forced NAT-T (Y/N): N
Uplink Failover (Y/N): N
IP Compression (Y/N): Y
(MASTER) #
(MASTER) #show ip route
Codes: C - connected, O - OSPF, R - RIP, S - static
M - mgmt, U - route usable, * - candidate default, V - RAPNG VPN/Branch
Gateway of last resort is Imported from DHCP to network 0.0.0.0 at cost 10
Gateway of last resort is Imported from CELL to network 0.0.0.0 at cost 10
Gateway of last resort is Imported from PPPOE to network 0.0.0.0 at cost 10
Gateway of last resort is 172.16.0.1 to network 0.0.0.0 at cost 1
S* 0.0.0.0/0 [1/0] via 172.16.0.1*
------> no ipsec
(MASTER) #
(LOCAL) #show crypto-local ipsec-map
Crypto Map Template"default-local-master-ipsecmap" 9999
IKE Version: 1
IKEv1 Policy: All
Security association lifetime seconds : [300 -86400]
Security association lifetime kilobytes: N/A
PFS (Y/N): N
Transform sets={ default-ml-transform }
Peer gateway: [pbl.ip.mastr]
Interface: VLAN 0
Source network: 192.168.100.254/255.255.255.255
Destination network: 192.168.10.1/255.255.255.255
Pre-Connect (Y/N): Y
Tunnel Trusted (Y/N): Y
Forced NAT-T (Y/N): N
Uplink Failover (Y/N): N
IP Compression (Y/N): Y
(LOCAL) #
(LOCAL) #show ip route
Codes: C - connected, O - OSPF, R - RIP, S - static
M - mgmt, U - route usable, * - candidate default, V - RAPNG VPN/Branch
Gateway of last resort is Imported from DHCP to network 0.0.0.0 at cost 10
Gateway of last resort is Imported from CELL to network 0.0.0.0 at cost 10
Gateway of last resort is Imported from PPPOE to network 0.0.0.0 at cost 10
Gateway of last resort is 192.168.100.1 to network 0.0.0.0 at cost 10
S* 0.0.0.0/0 [10/0] via 192.168.100.1*
S 192.168.0.0/24 [1/0] ipsec map default-local-master-ipsecmap --> the default ipsec
--
--
C 192.168.10.1/32 is an ipsec map default-local-master-ipsecmap --> new ip route through ipsec
(LOCAL) #
Thanks
Yopianus Linga