IPSEC VPN terminating on pfSense - LAN transit network to internal LAN

NAT
Log in to reply
  • M

    Hi,

    I have having a brain blowup on a test VPN of a new pfSense 2.4.5 HA install.

    IPSEC VPN between 2 offices using pfSense 2.4.*. Tunnel is established phase 1 and phase 2.

    The local side is a pfSense 2.4.5 HA cluster established to eventually replace the existing gateway - cisco ASA 5520. The local pfSense has its own transit LAN 10 net into the internal network which terminates into a Cisco 3750 with a routed port back to the pfSense box. IP routing is enabled on the 3750 and a static route has been added to the main internal LAN router as well as the Cisco ASA for the Cisco 3750 acting as the gateway for the pfSense cluster.

    I can ping from the remote side of the tunnel to the INTERNAL host on the local side, I can see the traffic enter the IPSEC interface and the LAN interface IN, and the LAN interface OUT, but I never receive a response back from the internal host.

    All internal LAN networks have a static route created on the local pfSense side and point to the 3750 gateway address (.1).

    Should I add an ACL on the 3750 or a static route to the internal host I am trying to communicate with? I have the IPSEC rules opened up and manual outbound NAT is configured as per the netgate docs.

    Thanks for any input.

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2021 Rubicon Communications, LLC | Privacy Policy