IPsec tunnel one-way traffic

  • Dear Everyone,

    This is my first forum post ever, but I finally went for it because of a very frustrating issue  ;)
    We have the following setup in our company:

    [Pfsense box Branch Office] <–OpenVPN--> [Pfsense box HQ] <–IPSec--> [Cisco IOS device]

    When using the LAN at the Pfsense in the branch office to reach a LAN at the Cisco IOS device, the tunnel is successfully built but no return traffic is being received. IPsec SADs are available both ways. Apparently there is a problem with the IPsec connection to the Cisco, since the counters for packets being sent are increasing. The LAN networks that are routed through a core switch at HQ are sometimes working without NAT, but sometimes not. There is a no-NAT rule present for all IPsec interface traffic and it is placed at the top. I have checked all attributes for P1 and P2 with the Cisco engineer and all seem to match. I checked the state table to double-check that the traffic is indeed not NATed. No traffic is being dropped by the firewall. The only workaround now is NAT overload in the IPsec configuration. Can anyone here shed some light on this issue, since other IPsec tunnels are working normally?

    PS I am using 12 P2 proposals. I don't know if that is an issue?

    Thanks in advance for your support!
