Azure Pfsense to Onprem Pfsense VTI routed - port 80 works but ping only one way
-
Hello Everyone
I am experiencing a strange issue with my setup.
Azure subnet: 10.3.0.0/24
Peered with:
Azure subnet: 10.4.0.0/24 (Pfsense VA)

Azure Pfsense virtual appliance (forwarding enabled on interfaces):
Azure route table entry to forward on-prem LAN traffic to 10.4.1.4
WAN: 10.4.1.4 (associated public IP)
LAN: 10.4.0.4

VTI tunnel from VA to on-prem:
WAN: static IP
LAN: 172.30.0.0/16

BGP set up between the VA and the on-prem.
Problem:
The on-prem 172.30 network can ping the 10.3 network.
The 10.3 network cannot ping the 172.30 network, but can access the router on web port 80.

Anyone have an idea what could be causing this? I have scoured the internet with no solution and spent 3 days trying various different fixes: MTU, MSS clamping etc.
Kind Regards
-
Just found the answer
The solution was to create another routing table on the 10.4.0.0/24 subnet.
Both the rules below were needed on both subnets:
172.30.0.0/16 - next hop VA IP 10.4.1.4.
Hindsight is a wonderful thing.
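The fix described above, written out as Terraform for the AzureRM provider as an added example (not the poster's own configuration): one user-defined route table per subnet, each carrying the single route from the thread, associated with both the 10.3.0.0/24 workload subnet and the 10.4.0.0/24 pfSense LAN subnet. Resource names, region, resource group and the `azurerm_subnet.workload` / `azurerm_subnet.pfsense_lan` references are assumptions.

```terraform
# Added example, not the poster's config. Both subnets need a route for the
# on-prem LAN (172.30.0.0/16) pointing at the pfSense VA, otherwise traffic
# from a subnet without the route follows Azure's system routes instead.

locals {
  # Subnets from the thread; the azurerm_subnet resources are assumed to exist.
  subnets = {
    workload    = azurerm_subnet.workload.id     # 10.3.0.0/24
    pfsense_lan = azurerm_subnet.pfsense_lan.id  # 10.4.0.0/24 (VA LAN side)
  }
}

# One route table per subnet (the thread's "another routing table").
resource "azurerm_route_table" "to_onprem" {
  for_each            = local.subnets
  name                = "rt-${each.key}-to-onprem" # assumed naming
  location            = "westeurope"                # assumed region
  resource_group_name = "rg-hub"                    # assumed resource group

  # The rule from the thread: 172.30.0.0/16 -> next hop VA IP 10.4.1.4
  route {
    name                   = "onprem-lan-via-pfsense"
    address_prefix         = "172.30.0.0/16"
    next_hop_type          = "VirtualAppliance"
    next_hop_in_ip_address = "10.4.1.4"
  }
}

# Attach each table to its subnet; the 10.4.0.0/24 association is the piece
# that was missing in the original setup.
resource "azurerm_subnet_route_table_association" "to_onprem" {
  for_each       = local.subnets
  subnet_id      = each.value
  route_table_id = azurerm_route_table.to_onprem[each.key].id
}
```

To confirm the route actually applies, run `az network nic show-effective-route-table` against a NIC in each subnet and check that 172.30.0.0/16 lists next hop type VirtualAppliance with address 10.4.1.4.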