Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPSec Firewall not allowing SNMP

    Scheduled Pinned Locked Moved
    IPsec
    ipsec ipsec rules snmp
    1
    1
    396
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      itvhswq
      last edited by

      Hey all,

      We use a managed print service and they send toner when the printers are low, they manage and monitor this by SNMP. We have multiple sites and I have successfully connected two of these sites with an IPSec site-to-site tunnel.

      Site A - 192.168.10.0/24
      Site B - 192.168.20.0/24

      From the main site I can use an MIB Browser to talk to the 3 printers at our main site, but I am unable to talk to the 1 printer at our remote location.

      I can browse to the printers' WebUI but cannot ping across the IPSec Tunnel - I can't ping any host on either network.

      What I have tried:

      • Adding a rule in the IPSec Firewall to explicitly allow SNMP Traffic to/from the monitor PC to the Printer
      • Adding an allow any rule to access port 161
      • Adding an allow any any rule on the IPSec Firewall
      • Adding a Gateway as discussed in this docu page - https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/access-firewall-over-ipsec.html#ipsec-fwtraffic
      • Binding the SNMP Service of both pfsense boxes to the LAN Interface.

      Possibly a related issue - I cannot ping any host from anywhere.

      Firewall rules at Site A
      alt text

      Firewall rules at Site B
      alt text

      Aliases:

      • ITManDev -> IPs of IT Laptop and Monitor Server
      • Remote_Sites -> List of all sites' networks (plan is to add another 3 IPSec Tunnels)
      • Net_Access -> Port 80 and 443
      • TP_Omada -> Ports used in discovery and management of TP Omada wAPs

      Let me know if any more information is required, thanks in advance
      ~Matt

      1 Reply Last reply Reply Quote 0
      • First post
        Last post