Netgate Discussion Forum
    IPsec tunnel one-way traffic

      Cyberwarrior

      Dear Everyone,

      This is my first forum post ever, but I finally went for it because of a very frustrating issue  ;)
      We have the following setup in our company:

      [pfSense box Branch Office] <--OpenVPN--> [pfSense box HQ] <--IPsec--> [Cisco IOS device]

      When using the LAN at the pfSense in the branch office to reach a LAN at the Cisco IOS device, the tunnel is successfully built but no return traffic is being received. IPsec SADs are available both ways. Apparently there is a problem with the IPsec connection to the Cisco, since the counters for packets being sent are increasing. The LAN networks that are routed through a core switch at HQ are sometimes working without NAT, but sometimes not. There is a no-NAT rule present for all IPsec interface traffic and it is placed at the top. I have checked all attributes for P1 and P2 with the Cisco engineer and all seem to match. I checked the state table to double-check that the traffic is indeed not NATed. No traffic is being dropped by the firewall. The only workaround for now is NAT overload in the IPsec configuration. Can anyone here shed some light on this issue, since other IPsec tunnels are working normally?

      PS: I am using 12 P2 proposals; I don't know if that is an issue.

      Thanks in advance for your support!

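Added example, not code from the post or from pfSense/Netgate: one thing worth checking when SAs come up but traffic only flows one way is that every pfSense Phase 2 selector is mirrored by a Cisco crypto ACL entry, since a selector present on one side only (for instance a branch LAN that pfSense offers but the Cisco ACL does not list) produces exactly these symptoms, and NAT overload to the HQ LAN can mask it. The script below compares constructed pfSense P2 entries against constructed Cisco `permit ip` lines; all subnets are hypothetical.

```python
import ipaddress

# Constructed sample data (hypothetical addresses, not from the post).
# pfSense Phase 2 entries as (local subnet, remote subnet).
PFSENSE_P2 = [
    ("10.10.0.0/24", "192.168.50.0/24"),   # HQ LAN     <-> LAN behind Cisco
    ("10.20.0.0/24", "192.168.50.0/24"),   # branch LAN <-> LAN behind Cisco
]
# Cisco crypto ACL as it would appear in the running config; note the
# branch LAN (10.20.0.0/24) is deliberately missing here.
CISCO_CRYPTO_ACL = """
permit ip 192.168.50.0 0.0.0.255 10.10.0.0 0.0.0.255
""".strip().splitlines()


def parse_cisco_acl(lines):
    """Parse 'permit ip SRC WILDCARD DST WILDCARD' lines into (src, dst) networks.
    ipaddress accepts a Cisco wildcard (hostmask) after the slash."""
    selectors = []
    for line in lines:
        parts = line.split()
        if len(parts) != 6 or parts[0] != "permit" or parts[1] != "ip":
            continue
        src = ipaddress.ip_network(f"{parts[2]}/{parts[3]}", strict=False)
        dst = ipaddress.ip_network(f"{parts[4]}/{parts[5]}", strict=False)
        selectors.append((src, dst))
    return selectors


def unmirrored_p2(p2_entries, cisco_selectors):
    """Return pfSense P2 entries that no Cisco ACL line mirrors.
    A pfSense (local, remote) pair must appear on the Cisco side as
    (remote, local), possibly inside a wider entry; otherwise the Cisco
    has no selector for the return direction."""
    missing = []
    for local, remote in p2_entries:
        local_n = ipaddress.ip_network(local)
        remote_n = ipaddress.ip_network(remote)
        if not any(local_n.subnet_of(dst) and remote_n.subnet_of(src)
                   for src, dst in cisco_selectors):
            missing.append((local, remote))
    return missing


def p2_covering(p2_entries, src_ip, dst_ip):
    """Return the P2 entry that would select a packet from src_ip to dst_ip
    (e.g. a branch host reaching a host behind the Cisco), or None."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for local, remote in p2_entries:
        if s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote):
            return (local, remote)
    return None
```

With the sample data, the branch P2 is selected on the pfSense side but reported as unmirrored, which is the mismatch to take to the Cisco engineer before resorting to NAT overload.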
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.