Support Center > Search Results > SecureKnowledge Details
"Accept all encrypted traffic" option does not work on VSX clusters
Symptoms
  • When "Accept All Traffic" option is enabled on a VPN community, this configuration is not applied to members of VSX cluster.
Cause

The entries for accept_all_encrypted_comms table are written in a different way if the cluster is a VSX cluster. Since VS cluster members have 0.0.0.0 as an IP address (they have NO address from a design standpoint), the code writes the entry as scoped to the VS cluster, rather than the gateway object - which does have an IP address.
During atomic policy load, the VSX gateway does not believe that the table is in scope, and the table is not loaded.


Solution
Note: To view this solution you need to Sign In .