4. [RESOLVED] No return traffic, but other end is sending.

[RESOLVED] No return traffic, but other end is sending.

  • J

    We're doing an IPSEC tunnel to a Check Point and the tunnel is established and passing traffic up to a point. We see traffic on the check point end both coming and going on the tunnel, but on the pfSense end, we only see traffic going.

    Unfortunately the pfsense box has a 192.168 address for the WAN with a 1:1 NAT. But, as I mentioned, the tunnel is established and passing traffic, so I would think this would be a pfense config issue.

    I have NAT disabled with no rules created, etc. I'm not thinking it would need it. I see nothing in the logs for the return traffic. Packets out on Child SA is hundreds, but Packets IN is 0. I created any/any/any rules on WAN, LAN and IPSEC but no luck. Not sure what else to check.

    0
  • C

    Almost certain the ESP traffic from the Checkpoint side inbound to the pfSense side is getting blocked by whatever device upstream is doing the NAT.

    0
  • J

    Looks like you were right. They did something, probably finally enabled 1:1 NAT, and now it magically works. Thanks

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy