Pfsense IPSec IKEv2 Tunnel to Azure - Traffic not routed to azure except from pfsense itself
-
Hi,
before bashing me, I already read all posts I've found in WWW.... :-(
My configuration:
Azure VNET: 10.0.0.0/16
Azure GW subnet: 10.0.0.0/24
Azure client subnet: 10.0.254.0/24Local Subnet (on prem): 192.168.2.0/24
I configured my tunnel phase 1 & 2 settings based on: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices
Azure: Tunnel is up and running...
PFSense: Tunnel is up and running...
Which means the site-to-site connection is working fine.Firewall Rules local interface to Azure: allow ALL/ALL
Firewall Rules IPSEC to local: allow ALL/ALLMy PFsense WAN interface has a static public WAN IP via my ISP.
The issue::
Pinging the Azure client from my local client: Nope Nope Nope Nope.... whaaat?!??!
I don't understand, why pinging or any form of access just won't work from the on prem infrastructure to my Azure infrastructure, when the other way around just works fine.Troubleshooting so far:
Ping from Azure client to local client: yeeehaaa... working fine...
Ping from PFsense to Azure client: yeeeeeeeeehaaaaaa... working fine....
tracert from Azure to local: first hop responds with a *, second hop responds with the local IP address.
tracert from local to Azure: all hops respond with *I'll try to configure Point-To-Site configuration just for testing my Azure config but I'm sure everything is configured correctly on the cloud-side.
If you have any hints, ideas, whatever just feel free...
Thanks!
BR
Martin