pfSense AWS IPsec tunnel phase 2 shows 0 bytes of data
-
We have an IPsec tunnel between our pfSense device at AWS and a remote Cisco VPN device. Both phase 1 and phase 2 of the IPsec tunnel are up; however, the bytes sent and received and packets sent and received are showing 0. We have DPD enabled on our side and can see in the IPsec logs that the keep-alive packets are being sent. We tried to ping and telnet to the remote encryption domain IP address but there is no response. Shouldn't the bytes sent and packets sent counts increase when keep-alive, ping and telnet packets are sent from our side, irrespective of the response from the remote end?
-
Could someone help me to solve this problem, thanks.
-
No, the packet/bytes counters there show only traffic sent over the tunnel. They will not show the DPD traffic that is part of the tunnel itself.
You should see pings and telnet though so it's probably not being sent.
How are you testing it? Where are you testing from? If it's from some other host in the AWS VPC you will need the appropriate routing configured in AWS and you will need the source/destination checks disabled for the pfSense instance.
Steve
-
Yes, I am testing from another host in the AWS VPC. Could you please guide me on which settings in the AWS VPC we can use to define the routing towards pfSense and how to disable source/destination checks for the pfSense instance?
-
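The two AWS-side changes Steve describes (a VPC route for the remote encryption domain pointing at the pfSense instance, and the EC2 source/destination check turned off) as AWS CLI calls. This is an added example, not from the thread or from Netgate; the instance id, route table id and remote CIDR are placeholders, and DRY_RUN defaults to printing the commands rather than running them.

```shell
#!/bin/sh
# Added example: AWS-side configuration for routing VPC hosts through a pfSense
# instance to an IPsec remote network. All identifiers are placeholders.
PFSENSE_INSTANCE_ID="${PFSENSE_INSTANCE_ID:-i-0123456789abcdef0}"      # placeholder
VPC_ROUTE_TABLE_ID="${VPC_ROUTE_TABLE_ID:-rtb-0123456789abcdef0}"      # placeholder
REMOTE_ENCRYPTION_DOMAIN="${REMOTE_ENCRYPTION_DOMAIN:-192.168.100.0/24}" # placeholder
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the aws commands, 0 = execute them

run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# 1. Disable the EC2 source/destination check. With it enabled, EC2 drops any
#    packet the pfSense instance forwards whose source or destination is not
#    the instance's own ENI address, so forwarded VPN traffic never leaves.
disable_source_dest_check() {
  run aws ec2 modify-instance-attribute \
    --instance-id "$PFSENSE_INSTANCE_ID" \
    --no-source-dest-check
}

# 2. In the route table associated with the subnet of the host you test from,
#    send the remote encryption domain to the pfSense instance.
add_route_to_pfsense() {
  run aws ec2 create-route \
    --route-table-id "$VPC_ROUTE_TABLE_ID" \
    --destination-cidr-block "$REMOTE_ENCRYPTION_DOMAIN" \
    --instance-id "$PFSENSE_INSTANCE_ID"
}

# Verification: the attribute should report "Value": false once disabled.
show_source_dest_check() {
  run aws ec2 describe-instance-attribute \
    --instance-id "$PFSENSE_INSTANCE_ID" \
    --attribute sourceDestCheck
}

disable_source_dest_check
add_route_to_pfsense
show_source_dest_check
```

Once both are in place, the ping and telnet tests from the VPC host should reach pfSense, and the phase 2 counters should start moving if the pfSense-side rules and the remote end accept the traffic.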