Multiple IPSEC VPN Tunnels work but new one doesn't...
Hey Gang!
Big fan of the pfSense platform and could really use some help from the community.
I have a client with one main office with several satellites.
The main office (site A) is running a Netgate XG-7100 DT (with 32GB storage and 8GB memory) and the sister office (site B) is running a Netgate XG-7100 DT (with 32GB storage and 8GB memory) as well. They both run FiOS business with gigabit service and are connected via IPSEC VPN. All appliances are running the latest 21.2 release of pfSense.
They have been expanding quickly and hiring remote workers so I configured site A for OpenVPN and a handful of remote workers are connecting via Viscosity VPN software. They added another small office (site C) and I installed a Netgate SG-3100 to connect to Site A via IPSEC VPN and it works great.
THEN…
Site B had an additional FiOS installation (separate from site B original) to support another office on the other side of the property, so I'll refer to these as Site B1 and Site B2 to distinguish between the two separate services.
I installed another Netgate SG-3100 for Site B2 and while I have internet connectivity, I can't get the IPSEC VPN to work between Site A and Site B2. I verified with Verizon that there are no ports being blocked on business service.
I could understand messing up the IPSEC config and not having it work, but I already have several connections running and am using the SAME EXACT setup for Site B2 (with the respective changes obviously) but can't get it to work. I even tried different settings (making sure they are the same on Site A and Site B2) with no luck. As far as I know, the config choices are not critical as long as they are identical on both sides (as with a network cable – pins can be whatever color you want as long as they match on both ends – standard is not relevant).
Site A is the only one hosting multiple connections, as all satellite offices, whether IPSEC or OpenVPN, go directly to it.
I don't understand the log output respective to the IPSEC and firewall settings, so I am not sure if they are telling me something I can't process. I do have an ALL PASS rule for IPSEC traffic on both sides.
I am so frustrated… Thoughts? I can provide whatever data is needed to help.
Thanks so much for taking the time to read this. I really appreciate your input.
Marc