I am trying to get a ipsec VPN set up with vMX ( multiple cards : 2 RE, vMS-MPC Slot 0, FPC slot 1).
I built vMX on EVE, firmware 18.1R2.6
Resource for vMS-MPC: 8vCPU, 8GB RAM, 3 NICs ( type e1000 ) (use metadata-usb-service-pic-2g.img ).
I saw vMX can boot up successfully with all cards, interfaces (lite-mode for FPC 0).
I tried to configure VPN between vMX and vASA. Once the VPN tunnel is established
I beleive I have been able to get the initial tunnel to build based on the output of some verfication commands that I have done. However, when I try to ping IP address from vMX side of the tunnel (192.168.2.10 to 192.168.1.10), I am unable to do so. I also have a packet capture running between the VMXs and I don't even see ESP packets. When I try to ping from vASA side(192.168.1.10 to 192.168.2.10), I can see ESP traffic. It looks to me like the traffic is not even getting put into the tunnel for whatever reason from vMX site. That is where my confusion is, and that's where I am stuck right now.
In my experience, I connect physical port ge-1/0/1 on EVE, I should configure ge-1/0/0 in the configuration.
I connect ge-0/0/0 each FPC as “fabric link” between FPCs. I am not sure about this link is useful or not. It is useful when I need packets switching between normal FPCs.
I have attached the configs, as well as some verificaiton commands in a file (vmx_broke.txt) along with the diagram, vmx_setup.
If someone would be able to take a look at the configs and tell me what I am doing wrong, I would really appreciate it.
There really isn't too much documentation around setting up a VPN on an MX series besides the article that I found above which is frusterating as well.
Thanks for any help that can be provided, and please let me know if there is any additonal information that I can provide.