IPSEC VPN traffic issue



  • Hello,

    i have a problem with IPSec traffic, the Phase 1 is build between an PFSense (VM) and a Fortinet VDOM firewall, connection is UP and the inside of the PFSense is pingable through the IPSec from the 10.133.10.1 Cisco Router.
    it is also possible to ping the Cisco on 10.133.10.1 from the PFsense interface with ip 172.30.255.254.
    i can also ping the VM on 172.30.255.8 from the PFsense from the interface with ip 172.30.255.254. (reverse is also possible)

    if i make a packet trace in the PFSense i do see ICMP traffic from the 172.30.255.8 to the 10.133.10.1 and do get the ping reply in the trace, but somehow it doesn't reach the VM on 172.30.255.8

    underneeth the trace info (if more info is needed please let me know)

    11:13:48.835552 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 1260
    11:13:48.835584 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 1260
    11:13:48.835597 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 1260
    11:13:48.835608 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 1260
    11:13:48.835637 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 1260
    11:13:48.835648 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 1260
    11:13:48.835659 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 1260
    11:13:48.835691 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 226
    11:13:48.846177 IP xx.xx.xx.xx.53836 > 10.0.0.254.443: tcp 0
    11:13:48.848259 IP xx.xx.xx.xx.53836 > 10.0.0.254.443: tcp 0
    11:13:48.849762 IP xx.xx.xx.xx.53836 > 10.0.0.254.443: tcp 0
    11:13:49.146211 IP 10.0.0.254 > 10.0.0.1: ICMP echo request, id 36047, seq 33410, length 8
    11:13:49.146770 IP 10.0.0.1 > 10.0.0.254: ICMP echo reply, id 36047, seq 33410, length 8
    11:13:49.669779 IP 10.0.0.254 > 10.0.0.1: ICMP echo request, id 36047, seq 33411, length 8
    11:13:49.670054 IP 10.0.0.1 > 10.0.0.254: ICMP echo reply, id 36047, seq 33411, length 8
    11:13:50.210988 IP 10.0.0.254 > 10.0.0.1: ICMP echo request, id 36047, seq 33412, length 8
    11:13:50.212113 IP 10.0.0.1 > 10.0.0.254: ICMP echo reply, id 36047, seq 33412, length 8
    11:13:50.748429 IP xx.xx.xx.xx.53836 > 10.0.0.254.443: tcp 83
    11:13:50.748519 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 0
    11:13:50.748560 IP xx.xx.xx.xx.53836 > 10.0.0.254.443: tcp 246
    11:13:50.748604 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 0
    11:13:50.748809 IP 10.0.0.254 > 10.0.0.1: ICMP echo request, id 36047, seq 33413, length 8
    11:13:50.749069 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 42
    11:13:50.749207 IP 10.0.0.1 > 10.0.0.254: ICMP echo reply, id 36047, seq 33413, length 8
    11:13:50.754416 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 1260
    11:13:50.754453 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 1260
    11:13:50.754483 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 1260
    11:13:50.754526 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 20
    11:13:50.765136 IP xx.xx.xx.xx.53836 > 10.0.0.254.443: tcp 0
    11:13:51.269748 IP 10.0.0.254 > 10.0.0.1: ICMP echo request, id 36047, seq 33414, length 8
    11:13:51.270231 IP 10.0.0.1 > 10.0.0.254: ICMP echo reply, id 36047, seq 33414, length 8
    11:13:51.811030 IP 10.0.0.254 > 10.0.0.1: ICMP echo request, id 36047, seq 33415, length 8
    11:13:51.811882 IP 10.0.0.1 > 10.0.0.254: ICMP echo reply, id 36047, seq 33415, length 8
    11:13:52.352514 IP 10.0.0.254 > 10.0.0.1: ICMP echo request, id 36047, seq 33416, length 8
    11:13:52.353138 IP 10.0.0.1 > 10.0.0.254: ICMP echo reply, id 36047, seq 33416, length 8
    11:13:52.869674 IP 10.0.0.254 > 10.0.0.1: ICMP echo request, id 36047, seq 33417, length 8
    11:13:52.870347 IP 10.0.0.1 > 10.0.0.254: ICMP echo reply, id 36047, seq 33417, length 8
    11:13:53.266944 IP xx.xx.xx.xx.53836 > 10.0.0.254.443: tcp 83
    11:13:53.267003 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 0
    11:13:53.267806 IP xx.xx.xx.xx.53836 > 10.0.0.254.443: tcp 246
    11:13:53.267834 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 0
    11:13:53.267924 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 42
    11:13:53.271812 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 1260
    11:13:53.271839 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 1260
    11:13:53.271856 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 1260
    11:13:53.271872 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 20
    11:13:53.282882 IP xx.xx.xx.xx.53836 > 10.0.0.254.443: tcp 0
    11:13:53.333422 IP xx.xx.xx.xx.53836 > 10.0.0.254.443: tcp 0
    11:13:53.411005 IP 10.0.0.254 > 10.0.0.1: ICMP echo request, id 36047, seq 33418, length 8
    11:13:53.411764 IP 10.0.0.1 > 10.0.0.254: ICMP echo reply, id 36047, seq 33418, length 8
    11:13:53.923560 IP 10.0.0.254 > 10.0.0.1: ICMP echo request, id 36047, seq 33419, length 8
    11:13:53.924048 IP 10.0.0.1 > 10.0.0.254: ICMP echo reply, id 36047, seq 33419, length 8
    11:13:54.464965 IP 10.0.0.254 > 10.0.0.1: ICMP echo request, id 36047, seq 33420, length 8
    11:13:54.465406 IP 10.0.0.1 > 10.0.0.254: ICMP echo reply, id 36047, seq 33420, length 8
    11:13:54.687048 IP 10.0.0.254.4500 > 145.128.245.107.4500: UDP, length 112
    11:13:54.689703 IP 145.128.245.107.4500 > 10.0.0.254.4500: UDP, length 112
    11:13:55.006290 IP 10.0.0.254 > 10.0.0.1: ICMP echo request, id 36047, seq 33421, length 8
    11:13:55.006762 IP 10.0.0.1 > 10.0.0.254: ICMP echo reply, id 36047, seq 33421, length 8
    11:13:55.169667 ARP, Request who-has 10.0.0.5 tell 10.0.0.1, length 28
    11:13:55.547647 IP 10.0.0.254 > 10.0.0.1: ICMP echo request, id 36047, seq 33422, length 8
    11:13:55.548261 IP 10.0.0.1 > 10.0.0.254: ICMP echo reply, id 36047, seq 33422, length 8
    11:13:55.768463 IP xx.xx.xx.xx.53836 > 10.0.0.254.443: tcp 83
    11:13:55.768519 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 0
    11:13:55.768553 IP xx.xx.xx.xx.53836 > 10.0.0.254.443: tcp 246
    11:13:55.768580 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 0
    11:13:55.769018 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 42
    11:13:55.773019 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 1260
    11:13:55.773049 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 1260
    11:13:55.773067 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 1260
    11:13:55.773085 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 18
    11:13:55.783833 IP xx.xx.xx.xx.53836 > 10.0.0.254.443: tcp 0
    11:13:56.069837 IP 10.0.0.254 > 10.0.0.1: ICMP echo request, id 36047, seq 33423, length 8
    11:13:56.070458 IP 10.0.0.1 > 10.0.0.254: ICMP echo reply, id 36047, seq 33423, length 8
    11:13:56.611069 IP 10.0.0.254 > 10.0.0.1: ICMP echo request, id 36047, seq 33424, length 8
    11:13:56.611784 IP 10.0.0.1 > 10.0.0.254: ICMP echo reply, id 36047, seq 33424, length 8
    11:13:57.152575 IP 10.0.0.254 > 10.0.0.1: ICMP echo request, id 36047, seq 33425, length 8
    11:13:57.153219 IP 10.0.0.1 > 10.0.0.254: ICMP echo reply, id 36047, seq 33425, length 8
    11:13:57.669651 IP 10.0.0.254 > 10.0.0.1: ICMP echo request, id 36047, seq 33426, length 8
    11:13:57.670183 IP 10.0.0.1 > 10.0.0.254: ICMP echo reply, id 36047, seq 33426, length 8
    11:13:58.211063 IP 10.0.0.254 > 10.0.0.1: ICMP echo request, id 36047, seq 33427, length 8
    11:13:58.211578 IP 10.0.0.1 > 10.0.0.254: ICMP echo reply, id 36047, seq 33427, length 8
    11:13:58.278001 IP xx.xx.xx.xx.53836 > 10.0.0.254.443: tcp 83
    11:13:58.278076 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 0
    11:13:58.278137 IP xx.xx.xx.xx.53836 > 10.0.0.254.443: tcp 246
    11:13:58.278167 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 0
    11:13:58.278560 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 42
    11:13:58.281421 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 1260
    11:13:58.281447 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 1260
    11:13:58.281459 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 1260
    11:13:58.281470 IP 10.0.0.254.443 > xx.xx.xx.xx.53836: tcp 19
    11:13:58.292739 IP xx.xx.xx.xx.53836 > 10.0.0.254.443: tcp 0
    11:13:58.292783 IP xx.xx.xx.xx.53836 > 10.0.0.254.443: tcp 0
    11:13:58.752395 IP 10.0.0.254 > 10.0.0.1: ICMP echo request, id 36047, seq 33428, length 8
    11:13:58.752915 IP 10.0.0.1 > 10.0.0.254: ICMP echo reply, id 36047, seq 33428, length 8
    11:13:59.269786 IP 10.0.0.254 > 10.0.0.1: ICMP echo request, id 36047, seq 33429, length 8
    11:13:59.270585 IP 10.0.0.1 > 10.0.0.254: ICMP echo reply, id 36047, seq 33429, length 8
    11:13:59.810991 IP 10.0.0.254 > 10.0.0.1: ICMP echo request, id 36047, seq 33430, length 8
    11:13:59.811929 IP 10.0.0.1 > 10.0.0.254: ICMP echo reply, id 36047, seq 33430, length 8
    11:14:00.352440 IP 10.0.0.254 > 10.0.0.1: ICMP echo request, id 36047, seq 33431, length 8
    11:14:00.352932 IP 10.0.0.1 > 10.0.0.254: ICMP echo reply, id 36047, seq 33431, length 8

    Untitled Diagram.png


Log in to reply