4. PFSense Site to Site with Sonicwall Multiple Subnets

PFSense Site to Site with Sonicwall Multiple Subnets

  • J

    Hope someone can help me here, This is my first PFSense (2.3.2), I'm trying to connect to a Sonicwall NSA2600 via IPSec. I can get the tunnel come up fine as long as I don't add a second phase 2, which is needed. When I add a second phase 2 (copy of the first but a different remote network). It shows it connects to both but only one will work. On the Sonicwall side I have it setup to allow both networks via address objects. When I do a packet capture on the Sonicwall, the phase 2 that fails to ping gives me "DROPPED, Drop Code: 408(Octeon Decrypyion Failed Selector check), Module Id: 20(ipSec)". Which means it can't decrypt that Phase 2. It must be something in my Phase 2 that I am missing. Also, it is not always the new phase 2 I add, it seem if I reboot the PFSense the first network I trying pinging it happens to.

    Any help would be great.

    Jon
    ![PFSense IPSec.png](/public/imported_attachments/1/PFSense IPSec.png)
    ![PFSense IPSec.png_thumb](/public/imported_attachments/1/PFSense IPSec.png_thumb)

    0
  • LAYER 8 Netgate

    Like the Cisco ASA, I don't think the Sonicwall can handle multiple traffic selectors on a child SA like that. Try enabling split connections on the "Phase 1".

    0
  • J

    Thank you! That worked.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy