I have an odd intermittent problem. We have central balance 710s and many pepwave max-br1 peers.
Each has pepvpn tunnel to central B710.
There are set to route unique subnets at remote peers - not NAT.
This is remote IP phones reaching a softswich at central site
Normally everything works great, but occasionally one or tworandom peers will stop successfully routing data from remote subnet to central one.
When you get into the details it is odd:
phone is sending registration packets to switch.
these packets are seen by pepwave and are visible and correct in packet capture in pepwave
the packets do not reach the central switch
it appears that the packets do not reach the balance 710, but I am not sure of that, as there is so much traffic that a packet capture there is difficult
at the same time that this is occuring, a ping from the softswitch tot he remote phone returns correctly.
i.e. - from site A you can ping device at site B. at same time device at site B that initiates packet to site A fails.
When this happens, it is all devices at the remote site.
If I disable/enable the vpn the packets now get through.
Since you performed the Network Capture on BR1, Have you seen the SIP registration packet went into the WAN interface? You may open ticket for us to take closer look.
HI, we are experiencing an intermittent problem with traffic flows established in one direction succeeding, while the other direction they fail. However it is when using IPSec from Peplink Balance to Cisco ASA.
Was there a resolution to this?
We are still having this occur on a regular basis and have been providing as much detail as possible to engineering, including diagnostic reports when it occurs. Still not sure if it is being caused at the B710 (hub) or pepwave (peer) end, but we received a custom firmware release last night which we are testing now. Since we have zero to three of these events on scattered devices each day, it will be a week or more before we know for sure if the issue is corrected.
To recap the problem:
Pepwave has two speedfusion connections to my two data centers MEMPHIS and COLUMBUS
At some point one of them will stop routing data. so the phones failover tot he other location
The odd thing is that the tunnel is routing the other way
so from phone ping server in memphis fails.
from server ping phone succeeds.
That means that a session initiated from the hub end reaches the phone and return packets get through, but sessions initiated form the phone do not reach the server (confirmed that no packets reach the server at all).
Disable/enable the memphis vpn and it starts working.
Additionally…this happens randomly to perhaps 15 of our peers, out of 150. No obvious correlation between them. Nothing obvious as to why it happens to those and not the others