Why are my IPSec tunnels down even though the configuration was correct and was not changed?
If no traffic is sent through the IPSec , the tunnels will go down. They will go up as soon as traffic coming from the customer's application server comes through. AWS documentation states: "The VPN tunnel comes up when traffic is generated from your side of the VPN connection. The AWS endpoint is not the initiator; your customer gateway device must initiate the tunnels. "
The traffic I receive on my server does not come from my EMnify endpoint IPs. Why?
When configuring the IPSec, make sure all traffic coming from the ranges 100.64.0.0/10, 10.192.0.0/12, 10.4.0.0/14 are allowed. These are our advertising IP and traffic might come from any of them. If you cannot accept traffic from all the ranges, you can de-aggregate the advertised IP with the feature BGP conditional route injection if you have chosen a dynamic VPN configuration. In this case, you need to update your configuration each time a new /22 IP range is assigned to your account."
Why do my newly configured endpoints don't send data through my CloudConnect?
- Each time a new IP address range is added to your account to create new endpoints, the range needs to be configured on our firewall. Please open a ticket to email@example.com to request our team to update our firewall and add the new ranges. Feel free to add several ranges at once.
- Make sure the service profile assigned to the new endpoints also uses the correct Internet Breakout Region. It has to be one of the three "(VPN)" options.