Micros_88999
Jul 10, 2014

network to network connection with iSession over the Internet

We want to achieve an L2L connection over the Internet with iSession: encryption, compression, and no NAT (similar to an L2L IPsec tunnel).

We have 2 LAB VE LTMs (11.4.1, LTM and AAM provisioned), the WAN is only simulated with a VLAN:

LAN1 (10.31.5.0/24)---(10.31.5.246) LTM1 (1.1.1.1)---WAN---(1.1.1.2) LTM2 (10.31.29.246)---LAN2 (10.31.29.0/24)

LTM1 has an interface in LAN1, which is 10.31.5.246
LTM1 has an interface in WAN, which is 1.1.1.1
LTM2 has an interface in LAN2, which is 10.31.29.246
LTM2 has an interface in WAN, which is 1.1.1.2

We successfully created the iSession between the devices, and advertised the networks through the iSession. Please see the output from LTM1 below.

Diagnostics: Acceleration ›› Symmetric Optimization : Diagnostics : Diagnose WOM Configuration also shows everything is OK.

There is NO route added to the device (we believe iSessions should handle routing through iSession advertised routes). Plus, we can successfully ping LAN2 from LTM1 and LAN1 from LTM2 without additional routes.

On the LAN1|2 servers we added routes, routing the other LAN to the LTM device self IP.

We have created the iSession virtual with the wizard: Acceleration ›› Quick Start : Symmetric Properties

We have created a virtual server named iSession-TEST, which is a Forwarding (IP) virtual server: all sources, destination 0.0.0.0/0, all VLANs, all ports, all protocols.

So again, iSession is UP and traffic is OK when initiating from the LTM. But when initiating from the LANs, it is not working. We receive:

Reply from 10.31.5.246: Destination net unreachable.

In the LTM tcpdump:

10:34:30.864869 IP 10.31.5.21 > 10.31.29.21: ICMP echo request, id 1, seq 16887, length 40 in slot1/tmm1 lis=/Common/iSession-TEST

We see the request hitting the LTM, but not transferred through the iSession.

Please advise!

OUTPUT OF SHOW WOM

Deduplication

Status : ONLINE
Codec : sdd-v2
Endpoints maximum : 1
Endpoints active : 1
Endpoint discovery stats
ICMP probes Req. sent: 0          Resp. received: 0
ICMP probes Req. received: 0  Resp. sent: 0
TCP options SYNs sent: 0          ACKs received: 0
TCP options SYNs received: 0  ACKs sent: 0
Endpoints discovered ICMP: 0  TCP: 0
Local endpoint
ADDRESSES: 1.1.1.1
MGMT ADDR: 10.31.0.128  VERSION: 11.4.1
UUID: c7a0:9252:37fb:794e:1a48:b7d2:aca2:2b53
SEVERSSL: serverssl     TUNNEL PORT: 443
ALLOW NAT: disabled     SNAT: none
Remote endpoint: 1.1.1.2

Status
HOSTNAME: lab2-big-fra1.datahost.int
MGMT ADDR: 10.31.0.129  VERSION: 11.4.1
UUID: 3961:b581:69c4:b0b1:6dd8:b392:2f30:481f
enabled STATE: ready
BEHIND NAT: no
CONFIG STATUS: none
DEDUP CACHE: 10.3G
CODEC: sdd-v2
REFRESH count: 0
REFRESH timestamp: 0
ALLOW ROUTING: enabled

Endpoint Isession Statistic: _tunnel_data_1.1.1.2

Connections                Current  Maximum  Total
Connections OUT IDLE:      0        0        0
Connections OUT ACTIVE:    0        0        0
Connections IN ACTIVE:     0        0        0
Direction               Action         Raw  Opt
Out (to WAN) bits       Deduplication  0    0
Out (to WAN) bits       Compression    0    0
Direction               Action         Opt  Raw
In (from WAN) bits      Decompression  0    0
In (from WAN) bits      Deduplication  0    0

Remote Route: 10.31.29.0/24

Include: enabled Label: Remote endpoint: 1.1.1.2

Server discovery stats
Discovered routes: 0
Routes dropped due to max Discovered routes system limit: 0
Old Discovered routes pruned to make room for new ones: 0
Old Discovered routes pruned from the system: 0

llenard@(lab1-big-fra1)(cfg-sync Standalone)(Active)(/Common)(tmos) show wom rem
Components: remote-endpoint remote-route
llenard@(lab1-big-fra1)(cfg-sync Standalone)(Active)(/Common)(tmos) show wom remote-route

Remote Route: 10.31.29.0/24

Include: enabled Label: Remote endpoint: 1.1.1.2

  • Addition to the above: PING was NOT using the iSession, it was using the management port. So learned routes never worked, iSession never worked.

     

    If we use static routing, access works, but not through the iSession.