4. PFSense Site to Site with Sonicwall Multiple Subnets

PFSense Site to Site with Sonicwall Multiple Subnets

  • J

    Hope someone can help me here, This is my first PFSense (2.3.2), I'm trying to connect to a Sonicwall NSA2600 via IPSec. I can get the tunnel come up fine as long as I don't add a second phase 2, which is needed. When I add a second phase 2 (copy of the first but a different remote network). It shows it connects to both but only one will work. On the Sonicwall side I have it setup to allow both networks via address objects. When I do a packet capture on the Sonicwall, the phase 2 that fails to ping gives me "DROPPED, Drop Code: 408(Octeon Decrypyion Failed Selector check), Module Id: 20(ipSec)". Which means it can't decrypt that Phase 2. It must be something in my Phase 2 that I am missing. Also, it is not always the new phase 2 I add, it seem if I reboot the PFSense the first network I trying pinging it happens to.

    Any help would be great.

    Jon
    ![PFSense IPSec.png](/public/imported_attachments/1/PFSense IPSec.png)
    ![PFSense IPSec.png_thumb](/public/imported_attachments/1/PFSense IPSec.png_thumb)

    0
  • LAYER 8 Netgate

    Like the Cisco ASA, I don't think the Sonicwall can handle multiple traffic selectors on a child SA like that. Try enabling split connections on the "Phase 1".

    0
  • J

    Thank you! That worked.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy