Last Modified: Nov 22, 2021
Opened: Feb 03, 2015
The default-traffic-selector-interface is IPv6-IPv6 by default. This causes the IPsec ESP to drop the decrypted non-IPv6 packets inside the IPsec tunnel.
Unable to send IPv4 traffic over IPv6 IPsec tunnel interface. Service unreachable.
Configure IPsec tunnel interface such that the IPsec tunnel is IPv6, and the internal packet is IPv4.
The fix would examine the internal packet of IPsec ESP tunnel by looking at the IPv4/6 header version field.