Netgate Discussion Forum
    IPSEC VPN terminating on pfSense - LAN transit network to internal LAN

mstreet

      Hi,

I am having a brain blowup on a test VPN of a new pfSense 2.4.5 HA install.

IPsec VPN between 2 offices using pfSense 2.4.*. The tunnel is established (phase 1 and phase 2).

      The local side is a pfSense 2.4.5 HA cluster established to eventually replace the existing gateway - cisco ASA 5520. The local pfSense has its own transit LAN 10 net into the internal network which terminates into a Cisco 3750 with a routed port back to the pfSense box. IP routing is enabled on the 3750 and a static route has been added to the main internal LAN router as well as the Cisco ASA for the Cisco 3750 acting as the gateway for the pfSense cluster.

      I can ping from the remote side of the tunnel to the INTERNAL host on the local side, I can see the traffic enter the IPSEC interface and the LAN interface IN, and the LAN interface OUT, but I never receive a response back from the internal host.

      All internal LAN networks have a static route created on the local pfSense side and point to the 3750 gateway address (.1).

      Should I add an ACL on the 3750 or a static route to the internal host I am trying to communicate with? I have the IPSEC rules opened up and manual outbound NAT is configured as per the netgate docs.

      Thanks for any input.

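The symptom above (packets leave the LAN interface, no reply ever comes back through the tunnel) is the classic shape of an asymmetric return path: the forward path is fully routed, but the reply from the internal host has to find its way back to pfSense through every hop in between. The script below is an added example, not code from the post or from Netgate; it models a transit-network layout like the one described with per-hop routing tables and longest-prefix lookup, traces the forward path and the reply path, and reports where the reply leaves the expected route. All hop names and subnets (192.168.50.0/24 for the remote office, 10.0.0.0/24 for the transit net, 172.16.10.0/24 for the internal LAN, an "asa" hop as the old default gateway) are constructed assumptions; substitute the real tables from `netstat -rn` on pfSense and `show ip route` on the Cisco devices to run the same check against the actual network.

```python
"""Trace the forward and return path of a tunnelled packet across per-hop routing tables.

Added example for the asymmetric-return-path check; the topology below is a
constructed model of the post's layout, not the poster's real addresses.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

# Terminal actions a lookup can return instead of another hop name.
DELIVER = "deliver"    # destination is on a directly attached subnet
IPSEC = "ipsec"        # pfSense hands the packet to the IPsec tunnel
INTERNET = "internet"  # default route off the edge; a VPN reply sent here is lost

Table = List[Tuple[str, str]]  # (prefix, next hop or terminal action)

# Hypothetical subnets (assumptions, labelled as such in the lead-in).
REMOTE_NET = "192.168.50.0/24"   # remote office LAN behind the tunnel
TRANSIT_NET = "10.0.0.0/24"      # pfSense <-> Cisco 3750 transit network
INTERNAL_NET = "172.16.10.0/24"  # internal LAN holding the target host


def lookup(table: Table, dst: str) -> Optional[str]:
    """Longest-prefix match; returns the next hop, or None when nothing matches."""
    addr = ipaddress.ip_address(dst)
    best, best_len = None, -1
    for prefix, nxt in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and net.prefixlen > best_len:
            best, best_len = nxt, net.prefixlen
    return best


def trace(tables: Dict[str, Table], start: str, dst: str) -> List[str]:
    """Follow next hops from `start` until a terminal action, a missing route or a loop."""
    path, hop = [start], start
    while hop in tables:
        nxt = lookup(tables[hop], dst)
        if nxt is None:
            path.append("NO ROUTE")
            break
        if nxt in path:
            path.append(f"LOOP->{nxt}")
            break
        path.append(nxt)
        hop = nxt
    return path


def check_return_path(tables: Dict[str, Table], remote_ip: str, host_ip: str):
    """Forward: pfSense -> ... -> host. Return: host -> ... -> pfSense -> tunnel.

    Returns (forward_path, return_path, ok). ok is True only when the reply
    actually reaches pfSense and is handed back to the IPsec tunnel.
    """
    forward = trace(tables, "pfsense", host_ip)
    back = trace(tables, "host", remote_ip)
    ok = forward[-1] == DELIVER and "pfsense" in back and back[-1] == IPSEC
    return forward, back, ok


def topology(return_routes: bool) -> Dict[str, Table]:
    """Constructed model: pfSense -> 3750 -> internal LAN router -> host.

    With return_routes=False neither the internal router nor the 3750 has a
    route for the remote subnet, so the host's reply follows its default route
    toward the old edge gateway and never reaches pfSense.
    """
    t: Dict[str, Table] = {
        "pfsense": [(REMOTE_NET, IPSEC), (TRANSIT_NET, DELIVER), (INTERNAL_NET, "c3750")],
        "c3750": [(TRANSIT_NET, DELIVER), (INTERNAL_NET, "internal_router")],
        "internal_router": [(INTERNAL_NET, DELIVER), (TRANSIT_NET, "c3750"), ("0.0.0.0/0", "asa")],
        "asa": [(TRANSIT_NET, "c3750"), ("0.0.0.0/0", INTERNET)],
        "host": [(INTERNAL_NET, DELIVER), ("0.0.0.0/0", "internal_router")],
    }
    if return_routes:
        # The reverse routes every hop on the reply path needs for the remote subnet.
        t["c3750"].append((REMOTE_NET, "pfsense"))
        t["internal_router"].append((REMOTE_NET, "c3750"))
    return t


if __name__ == "__main__":
    for label, flag in (("without return routes", False), ("with return routes", True)):
        fwd, back, ok = check_return_path(topology(flag), "192.168.50.10", "172.16.10.20")
        print(f"{label}: forward={' -> '.join(fwd)}")
        print(f"{label}: return ={' -> '.join(back)}  ok={ok}")
```

The forward trace succeeds in both cases, which matches seeing the ping leave the LAN interface; only the return trace distinguishes a working layout from one where the reply is swallowed by the old default gateway. Whatever the host's actual default gateway is, that device and the 3750 both need a route for the remote tunnel subnet that leads back to pfSense, and `tcpdump -ni` on the pfSense LAN interface filtered on the remote subnet is the quickest way to confirm the reply is or is not arriving.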
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.