Inbound ACK to IPSEC interface blocked



  • Hello,

    I have a Ubiquiti AP that is trying to talk to a Cloud Key over an IPsec VTI tunnel between an SG-1100 and a pfSense VM. As you can see from the logging screenshot, the traffic leaving the management network (called SWITCH) is permitted, but then I see a bunch of blocked TCP ACKs.

    A packet capture shows that the ACKs are all retransmissions.

    As far as I can see this is the only traffic that is constantly and consistently experiencing these retransmissions, but I'm not sure why it's happening or how to stop it.

    Any ideas?

