Me, every time I get called to troubleshoot an IPSec VPN
Co-worker: “Can you help us troubleshoot a VPN between a Palo Alto FW and a Cisco ASR1k? I think we have an encryption domain mismatch”
Me: “Sure. Is the VPN policy-based or route-based?”
Co-Worker: “What do you mean? What’s the difference?”
Me: “Yeah…so let’s start there…”
Damn, this is so real, I hate IPsec tunnels.
I’ve been there. The struggle is real.
To the guy who got a million downvotes for saying there’s no IPSec tunnels in 2021, it may shock you to learn that proxies are still a thing too.
Who uses VPNs in 2021?
I hate IPSec VPNs!!! Long live WireGuard!
I learned the hard way that whenever you configure an S2S VPN against AWS/Azure, you HAVE to use route-based VPNs, otherwise only one Phase 2 tunnel will come up. That was a long troubleshooting session.
M8 my whole world is tunnels these days.
As compared to what?
I get asked to help configuring VPNs to AWS every few weeks and this is the most common issue by far, especially on FortiGates and Cisco ASAs.
GCP still supports policy-based VPNs via the Classic VPN product, but that’s being end-of-lifed in about 6 months. So route-based is definitely the way to go for anything cloud.
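The two comments above (the AWS/Azure "only one Phase 2 tunnel comes up" story and the "route-based is the way to go for cloud" point) are easier to see side by side in configuration. The following strongSwan swanctl.conf fragment is an added example written for this thread, not from any poster or vendor: the first connection is policy-based, with one traffic selector per subnet pair, so the initiator negotiates one CHILD_SA per pair; the second is route-based, with a single 0.0.0.0/0 selector bound to an XFRM interface so routing, not the IPsec policy, decides what goes through the tunnel. The addresses are RFC 5737 documentation addresses and the PSK is a placeholder, both constructed for the example.

```conf
# Added example (constructed): policy-based vs route-based IPsec in strongSwan swanctl.conf.
# Addresses and PSK are placeholders; replace before use.
connections {

    # Policy-based: every local/remote subnet pair is its own child SA.
    # Two local subnets to one remote range = two CHILD_SAs (two "Phase 2 tunnels").
    # A peer that accepts a single SA pair per tunnel will only bring one of these up.
    cloud-policy-based {
        version      = 2
        local_addrs  = 203.0.113.10     # on-prem public IP (constructed)
        remote_addrs = 198.51.100.20    # cloud VPN endpoint (constructed)
        proposals    = aes256-sha256-modp2048
        local  { auth = psk  id = 203.0.113.10 }
        remote { auth = psk  id = 198.51.100.20 }
        children {
            site-a {
                local_ts      = 10.0.1.0/24
                remote_ts     = 172.16.0.0/16
                esp_proposals = aes256gcm16-modp2048
                start_action  = start
            }
            site-b {
                local_ts      = 10.0.2.0/24   # second subnet = second CHILD_SA
                remote_ts     = 172.16.0.0/16
                esp_proposals = aes256gcm16-modp2048
                start_action  = start
            }
        }
    }

    # Route-based: one CHILD_SA with any-to-any selectors, tied to XFRM interface
    # ipsec0 via if_id. Which subnets use the tunnel is decided by the routing
    # table (ip route add 172.16.0.0/16 dev ipsec0), not by the IPsec policy,
    # so adding subnets never adds SAs.
    cloud-route-based {
        version      = 2
        local_addrs  = 203.0.113.10
        remote_addrs = 198.51.100.20
        proposals    = aes256-sha256-modp2048
        local  { auth = psk  id = 203.0.113.10 }
        remote { auth = psk  id = 198.51.100.20 }
        children {
            vti {
                local_ts      = 0.0.0.0/0
                remote_ts     = 0.0.0.0/0
                if_id_in      = 42   # matches: ip link add ipsec0 type xfrm if_id 42
                if_id_out     = 42
                esp_proposals = aes256gcm16-modp2048
                dpd_action    = restart
                start_action  = start
            }
        }
    }
}

secrets {
    ike-cloud {
        id-local  = 203.0.113.10
        id-remote = 198.51.100.20
        secret    = "REPLACE-WITH-REAL-PSK"   # placeholder
    }
}
```

When checking a mismatch like the one in the thread, `swanctl --list-sas` on the policy-based side shows two child SAs being attempted while the cloud side only ever installs one; on the route-based side there is a single child SA and any "missing subnet" problem is a routing or firewall question on ipsec0 rather than an IKE negotiation problem.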
Guess I should clarify: who manually configures them, especially at a branch or end user location? SD-WAN, Zscaler etc.