Route traffic via IPSec tunnel in Cyberoam firewall


It took me almost 2 days to resolve this problem: traffic didn't pass through the IPSec tunnel on the Cyberoam firewall. I read most of the Cyberoam KB articles that talk about it. I have grouped here all the checklist items that you need to verify.

Log shows EST-P1: Peer did not accept any proposal sent, Message ID 17853

1. Define the subnets or hosts that must be routed via IPSec

Refer to this KB article for details

2. Check if firewall rules are created to allow traffic from LAN to VPN and vice versa

Refer to this KB article for details

3. Check priority of VPN and static routes

Refer to this KB article for details

Okay, for me, all these checklist items were ticked, but traffic was still not flowing through the IPSec tunnel. I hope you got into a similar situation.

4. And finally I did this: I initiated a ping from a host behind the remote peer (in my case, the remote peer was a Palo Alto firewall), and it worked for me. Cyberoam started routing that traffic through the IPSec tunnel.

So every time the Cyberoam VPN goes down during an internet failure or firewall maintenance and I have an issue with Cyberoam routing traffic via IPSec, I initiate a ping from the remote host in order to make it work! You need to do this from at least one host in each IP subnet that is participating in the VPN tunnel.
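
The workaround in step 4, as an added example that is not part of the original post: a script to run on one host in each remote-side subnet once the tunnel is back up. The target labels and addresses are constructed placeholders, `wake_tunnel` is a hypothetical helper name, and the flags assume Linux iputils `ping`; the retry loop is an assumption to cover a first attempt that goes unanswered.

```shell
#!/bin/sh
# Added example (not from the original post). Run on one host in each
# remote-side subnet after the tunnel has been re-established.
# Assumes Linux iputils ping (-c count, -W reply timeout in seconds).

PING_CMD=${PING_CMD:-ping}   # overridable so the logic can be exercised offline

# Constructed sample: one host that should answer per Cyberoam-side subnet.
TARGETS='
# label          address
head-office-lan  10.10.1.10
head-office-dmz  10.10.2.10
'

# wake_tunnel LIST [ATTEMPTS]
# Pings each address until it answers or ATTEMPTS is used up.
# Prints one line per target; returns the number of targets that never replied.
wake_tunnel() {
    list=$1
    attempts=${2:-3}
    failed=0
    while read -r label addr; do
        case $label in ''|'#'*) continue ;; esac   # skip blanks and comments
        try=1
        ok=no
        while [ "$try" -le "$attempts" ]; do
            if "$PING_CMD" -c 2 -W 2 "$addr" </dev/null >/dev/null 2>&1; then
                ok=yes
                break
            fi
            try=$((try + 1))
        done
        if [ "$ok" = yes ]; then
            echo "OK   $label $addr (attempt $try)"
        else
            echo "FAIL $label $addr (no reply after $attempts attempts)"
            failed=$((failed + 1))
        fi
    done <<EOF
$list
EOF
    return "$failed"
}

# Only probe when asked to, e.g.:  sh wake_tunnel.sh --run
if [ "${1:-}" = "--run" ]; then
    wake_tunnel "$TARGETS"
fi
```

A non-zero exit status is the number of subnets that never answered, so the script can be scheduled and alerted on.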

