is there any reason why you are using unmanaged mode?
Also did you follow this unmanaged mode documentation?
------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
------------------------------
Original Message:
Sent: Jan 06, 2024 08:15 PM
From: Stefano.Belluomini
Subject: vGateway to vGateway IPSec / Hub Mesh issue
I have tried both deploying Hub Mesh and configuring a manual IPsec tunnel between the two vpnc's and get the same instability of the connection between the two.
Original Message:
Sent: Jan 06, 2024 08:03 PM
From: ariyap
Subject: vGateway to vGateway IPSec / Hub Mesh issue
are you configuring manual IPSEC tunnels between them?
------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
Original Message:
Sent: Jan 05, 2024 06:24 PM
From: Stefano.Belluomini
Subject: vGateway to vGateway IPSec / Hub Mesh issue
We have two vGateways deployed into two different Azure Regions, acting as VPNCs in our network. We setup Hub Meshing between the two and once the tunnels established we were able to ping between VMs and between the two Gateways, although when we attempt to copy files between the two, ICMP packets start dropping and even a 5MB file just fails to copy. Both vGateways are running AOS 10.5.0.1.
Anyone seen this kind of behaviour before? We have an open ticket with TAC, but thought to ask the community as well.
- Both vGateways are unmanaged deployments
- The primary vGateway in the Australia East Region has overlay connections to our physical offices and traffic between the branches and this VPNC is fast - we get 30MBps up/down over SMB, with no ping drops
- The secondary vGateway is in the Australia Southeast Region.
- We have tried both an S2S IPSec tunnel between the two gateways and a Hub Mesh tunnel and they have the same result
Only thing I have noticed is when Hub Mesh or IPSec tunnels are established, the MTU is 1500, whereas all my Hub-Spoke Orchestrated Tunnels have an MTU of 1450... The Aruba TAC engineer did ask about MTU. We were able to change the IPSec tunnel MTU to 1450 by modifying the DPD MTU setting from 1500 to 1450. This has made no difference to the behaviour / packet loss though.