OCI Site-to-Site VPN - After a Customer Premises Equipment (CPE) Fail-Over, the Virtual Private Network (VPN) IPsec Traffic Halts
(Doc ID 2993664.1)
Last updated on DECEMBER 18, 2023
Applies to:
Oracle Cloud Infrastructure Site-to-Site VPN - Version N/A and later
Information in this document applies to any platform.
Symptoms
The traffic stopped flowing through the IPSec tunnel.
The setup details are the following:
A cluster of Check Point devices in an Active/Standby High Availability (HA) configuration is used as the CPE device on the on-premises side.
Network Address Translation (NAT) is used on the on-premises side, and the private IP address of the on-premises CPE is used as the CPE IKE identifier on the OCI side.
The IPSec logs on the OCI side contained entries like this:
Changes
An on-premises CPE device fail-over was performed.
Cause