4. [RESOLVED] No return traffic, but other end is sending.

[RESOLVED] No return traffic, but other end is sending.

  • J

    We're doing an IPSEC tunnel to a Check Point and the tunnel is established and passing traffic up to a point. We see traffic on the check point end both coming and going on the tunnel, but on the pfSense end, we only see traffic going.

    Unfortunately the pfsense box has a 192.168 address for the WAN with a 1:1 NAT. But, as I mentioned, the tunnel is established and passing traffic, so I would think this would be a pfense config issue.

    I have NAT disabled with no rules created, etc. I'm not thinking it would need it. I see nothing in the logs for the return traffic. Packets out on Child SA is hundreds, but Packets IN is 0. I created any/any/any rules on WAN, LAN and IPSEC but no luck. Not sure what else to check.

    0
  • C

    Almost certain the ESP traffic from the Checkpoint side inbound to the pfSense side is getting blocked by whatever device upstream is doing the NAT.

    0
  • J

    Looks like you were right. They did something, probably finally enabled 1:1 NAT, and now it magically works. Thanks

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy