Netgate Discussion Forum

    [RESOLVED] No return traffic, but other end is sending.

    IPsec
    3 Posts 2 Posters 1.3k Views
    jjj

      We're doing an IPSEC tunnel to a Check Point and the tunnel is established and passing traffic up to a point. We see traffic on the Check Point end both coming and going on the tunnel, but on the pfSense end, we only see traffic going.

      Unfortunately the pfSense box has a 192.168 address for the WAN with a 1:1 NAT. But, as I mentioned, the tunnel is established and passing traffic, so I would think this would be a pfSense config issue.

      I have NAT disabled with no rules created, etc. I'm not thinking it would need it. I see nothing in the logs for the return traffic. Packets out on Child SA is hundreds, but Packets IN is 0. I created any/any/any rules on WAN, LAN and IPSEC but no luck. Not sure what else to check.

    cmb

        Almost certain the ESP traffic from the Checkpoint side inbound to the pfSense side is getting blocked by whatever device upstream is doing the NAT.

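One way to confirm the pattern cmb describes from a WAN-side capture, as an added example that is not from the thread: it classifies constructed tcpdump-style lines (WAN_IP and the 203.0.113.5 peer are assumed placeholder addresses) and flags the case where IKE completes over UDP but no ESP ever returns.

```python
import re
from collections import Counter
# Constructed tcpdump-style capture (not from the thread) mirroring the symptom:
# IKE in both directions, ESP (IP protocol 50) leaving but never coming back.
WAN_IP = "192.168.1.10"  # assumed pfSense WAN address behind the upstream 1:1 NAT
SAMPLE_CAPTURE = """\
12:00:01.000000 IP 192.168.1.10.500 > 203.0.113.5.500: isakmp: parent_sa ikev2_init[I]
12:00:01.050000 IP 203.0.113.5.500 > 192.168.1.10.500: isakmp: parent_sa ikev2_init[R]
12:00:01.100000 IP 192.168.1.10.500 > 203.0.113.5.500: isakmp: child_sa  ikev2_auth[I]
12:00:01.150000 IP 203.0.113.5.500 > 192.168.1.10.500: isakmp: child_sa  ikev2_auth[R]
12:00:02.000000 IP 192.168.1.10 > 203.0.113.5: ESP(spi=0x0a1b2c3d,seq=0x1), length 116
12:00:03.000000 IP 192.168.1.10 > 203.0.113.5: ESP(spi=0x0a1b2c3d,seq=0x2), length 116
"""
LINE_RE = re.compile(r"^\S+ IP (\S+) > (\S+): (.*)$")

def split_host_port(endpoint):
    """'10.0.0.1.500' -> ('10.0.0.1', 500); a bare address gets port None."""
    parts = endpoint.split(".")
    if len(parts) == 5:
        return ".".join(parts[:4]), int(parts[4])
    return endpoint, None

def classify(line):
    """Return (kind, direction) for one capture line, or None if it is not IPsec traffic."""
    m = LINE_RE.match(line)
    if not m:
        return None
    src, sport = split_host_port(m.group(1))
    dst, dport = split_host_port(m.group(2))
    direction = "out" if src == WAN_IP else "in" if dst == WAN_IP else None
    if direction is None:
        return None
    if "ESP(" in m.group(3):          # raw ESP or UDP-encapsulated (NAT-T) ESP
        return "esp", direction
    if 500 in (sport, dport) or 4500 in (sport, dport):
        return "ike", direction       # IKE on UDP/500 or UDP/4500
    return None

def diagnose(capture):
    """Summarise a capture into the failure pattern from the thread, if present."""
    counts = Counter(c for c in map(classify, capture.splitlines()) if c)
    ike_both = counts["ike", "in"] > 0 and counts["ike", "out"] > 0
    esp_out, esp_in = counts["esp", "out"], counts["esp", "in"]
    if ike_both and esp_out > 0 and esp_in == 0:
        # IKE (UDP) crosses the NAT, protocol 50 does not return: the NAT device is not forwarding inbound ESP
        return "ESP_NOT_RETURNING"
    if esp_out > 0 and esp_in > 0:
        return "ESP_BIDIRECTIONAL"
    return "INCONCLUSIVE"
```

On a live box the input would be the output of `tcpdump -ni <wan> 'esp or udp port 500 or udp port 4500'` on the pfSense WAN interface.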
    jjj

          Looks like you were right. They did something, probably finally enabled 1:1 NAT, and now it magically works. Thanks

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.