Hi Bin & Neale,
I know this exchange is a couple of years old now, but I'm having the exact
issue where the Ping reply from VPP is being sent in cleartext rather than
going through the IPSec tunnel. Could you provide some information on how this
was resolved?
Thanks in advance.
Dom
2017 at 7:18 AM
To: "Bin Zhang (binzhang)" <binzh...@cisco.com>
Cc: "vpp-dev@lists.fd.io" <vpp-dev@lists.fd.io>
Subject: Re: [vpp-dev] Need Help on an ipsec Problem
Hi Bin,
That looks like a FIB entry caused by there being an ARP entry for 172.28.128.4
on GigE0/8/0.
t;Bin Zhang (binzhang)" <binzh...@cisco.com>
Date: Tuesday, 19 December 2017 at 02:28
To: "Neale Ranns (nranns)" <nra...@cisco.com>
Cc: "vpp-dev@lists.fd.io" <vpp-dev@lists.fd.io>
Subject: Re: [vpp-dev] Need Help on an ipsec Problem
Hi Neale,
Man
-dev@lists.fd.io"
<vpp-dev@lists.fd.io>
Subject: Re: [vpp-dev] Need Help on an ipsec Problem
Hi Bin,
I expect your IPsec tunnel is not enabled/configured to accept IPv4 packets.
Do:
sh int featuee
and if you see:
ip4-unicast:
ip4-drop
then the tunnel is configured to drop all
Hi Bin,
I expect your IPsec tunnel is not enabled/configured to accept IPv4 packets.
Do:
sh int featuee
and if you see:
ip4-unicast:
ip4-drop
then the tunnel is configured to drop all IPv4 packets.
In order to enable any interface to receive IP it must either have an IP
address applied;