IPsec FortiGate - pfSense responder only
dome89
At different customers I have installed FortiGate firewalls with dual WAN, and now I must connect them to a server farm with pfSense 2.3.1 using a redundant IPsec VPN.
This is the scenario:
customer office: FortiGate with two WAN connections
server farm: pfSense with a single WAN
On the FortiGate I've created 2 VPNs (1 for every WAN) that both have the static IP of the pfSense WAN as remote gateway and are regulated through static route policies.
On the FortiGate the VPN works correctly, respecting the planned static route.
The problem is on pfSense: I've created 2 separate VPNs with remote gateways corresponding to the two ADSL lines of the customer.
In the advanced options of phase 1 I have set the "Responder Only" flag. I therefore expect that the pfSense only responds to the connection request from the FortiGate, but that doesn't happen, since the pfSense activates both VPN tunnels toward the FortiGate at the same time.
From the FortiGate to the pfSense everything works correctly and there's data exchange through the tunnel, while from the pfSense to the FortiGate there isn't, because two tunnels toward the same subnet are active at the same instant. (If I disable one of the two VPNs on the pfSense, data passes correctly.)
Any recommendations as to what I could try?
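A quick check for the symptom described in the post, added here as an example and not taken from the original thread: it parses strongSwan `ipsec statusall` output (the IPsec daemon pfSense 2.3.x runs) and reports any remote subnet that more than one installed tunnel claims. The sample output, connection names and addresses are constructed for the example.

```python
import re

# Constructed sample of `ipsec statusall` output (strongSwan, as used by pfSense 2.3.x),
# showing the symptom from the post: two INSTALLED child SAs whose traffic selectors
# both cover the same remote subnet. Addresses are documentation ranges, not real ones.
SAMPLE_STATUS = """\
Security Associations (2 up, 0 connecting):
       con1[3]: ESTABLISHED 25 minutes ago, 203.0.113.10[203.0.113.10]...198.51.100.1[198.51.100.1]
       con1{2}:  INSTALLED, TUNNEL, reqid 2, ESP in UDP SPIs: c5a3d0f1_i 0e4bb9a2_o
       con1{2}:   10.0.0.0/24 === 192.168.1.0/24
       con2[4]: ESTABLISHED 20 minutes ago, 203.0.113.10[203.0.113.10]...198.51.100.2[198.51.100.2]
       con2{3}:  INSTALLED, TUNNEL, reqid 3, ESP in UDP SPIs: 7b1d22aa_i 93ce04f0_o
       con2{3}:   10.0.0.0/24 === 192.168.1.0/24
"""

INSTALLED_RE = re.compile(r"^\s*(?P<conn>\S+)\{(?P<id>\d+)\}:\s+INSTALLED")
SELECTOR_RE = re.compile(r"^\s*(?P<conn>\S+)\{(?P<id>\d+)\}:\s+(?P<local>\S+) === (?P<remote>\S+)")

def installed_child_sas(status_text):
    """Return (connection name, local selector, remote selector) for every child SA
    reported as INSTALLED. The selector line follows its INSTALLED line in the output."""
    installed = set()
    sas = []
    for line in status_text.splitlines():
        m = INSTALLED_RE.match(line)
        if m:
            installed.add((m.group("conn"), m.group("id")))
            continue
        m = SELECTOR_RE.match(line)
        if m and (m.group("conn"), m.group("id")) in installed:
            sas.append((m.group("conn"), m.group("local"), m.group("remote")))
    return sas

def overlapping_remote_subnets(status_text):
    """Map each remote subnet reachable through more than one INSTALLED child SA to the
    connection names competing for it. A non-empty result means the kernel holds two SAs
    for the same destination, which is the situation the post describes."""
    by_remote = {}
    for conn, _local, remote in installed_child_sas(status_text):
        by_remote.setdefault(remote, []).append(conn)
    return {remote: conns for remote, conns in by_remote.items() if len(conns) > 1}

if __name__ == "__main__":
    for remote, conns in overlapping_remote_subnets(SAMPLE_STATUS).items():
        print(f"{remote} is served by more than one tunnel: {', '.join(conns)}")
```

On a live box, feed it the real output with `ipsec statusall` piped into the script instead of the constructed sample.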