I've set up an IPsec tunnel between an ERX 1.8.5 and a Hillstone firewall, and the IPsec tunnel is working fine.
ERX:
eth0: 8.8.8.8
eth2: 192.168.2.0/24
HS:
eth0: 9.9.9.9
eth2: 10.0.0.0/8
Now I can ping 10.0.0.1 on the ERL, and any server in 10.0.0.0/8 can ping 192.168.2.1.
But servers in 192.168.2.0/24 cannot ping 10.0.0.0/24 or 10.0.0.1.
So I did a little digging.
I added a firewall policy that logs every packet accepted from the IPsec VTI, and I found this:
Aug 8 07:12:02 ubnt kernel: [tunnel-default-A]IN=vti0 OUT=eth0 MAC=80:2a:a8:5d:08:fa:dc:d2:fc:f7:29:f7:08:00:45:00:00:3c:34:37:00:00:7e:01:39:a4:0a:66:01:d6:c0:a8:02:02 src=10.102.1.214 DST=192.168.2.2 LEN=60 TOS=0x00 PREC=0x00 TTL=126 ID=13367 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=29275
The packets that came in from vti0, which should be sent to eth2, are being sent to eth0.
I've tried to create some route rules to correct this, but none works.
So, can anyone help me out? Thanks.