Inbound ACK to IPSEC interface blocked
I have a Ubiquiti AP that is trying to talk to a cloud key over an IPsec VTI tunnel between an SG-1100 and a pfSense VM. As you can see from the logging screenshot, the traffic leaving the management network (called SWITCH) is permitted, but then I see a bunch of blocked TCP ACKs.
A packet capture shows that the ACKs are all retransmissions.
As far as I can see this is the only traffic that is constantly and consistently experiencing these retransmissions, but I'm not sure why it's happening or how to stop it.
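An added diagnostic example, not part of the post above: the script below pulls blocked ACK-only TCP packets out of pfSense's raw filter log, groups the ones that repeat the same sequence/acknowledgement numbers (which is how a retransmitted ACK looks in the log), and checks whether the reverse direction of each such flow was passed on some other interface, which is the pattern the post describes (permitted leaving SWITCH, blocked arriving on the IPsec interface). The column positions assume the documented pfSense 2.4+ filterlog layout for IPv4 TCP; the log lines, addresses, ports and interface names (`igb1`, `ipsec1`) are constructed for illustration.

```python
"""Find blocked ACK-only TCP segments in pfSense filterlog lines and correlate them.

Added example; the sample log is constructed and the CSV column layout is an
assumption based on pfSense's documented filterlog format for IPv4 TCP.
"""
from collections import Counter, defaultdict

# Field positions in an IPv4 TCP filterlog record (assumption: pfSense 2.4+ layout).
F_IFACE, F_ACTION, F_DIR, F_IPVER = 4, 6, 7, 8
F_PROTO, F_SRC, F_DST, F_SPORT, F_DPORT = 16, 18, 19, 20, 21
F_TCPFLAGS, F_SEQ, F_ACK = 23, 24, 25

# Constructed sample: 192.168.10.20 (AP on SWITCH) talks to 10.20.0.5 (cloud key across
# the tunnel). The outbound SYN/ACK are passed on igb1; the returning ACK-only segments
# from the cloud key are blocked on ipsec1 three times with identical seq/ack numbers.
SAMPLE_LOG = """\
100,,,1000000101,igb1,match,pass,in,4,0x0,,64,1001,0,DF,6,tcp,60,192.168.10.20,10.20.0.5,52044,8080,0,S,3100,,64240,,mss;sackOK;TS;nop;wscale
100,,,1000000101,igb1,match,pass,in,4,0x0,,64,1002,0,DF,6,tcp,52,192.168.10.20,10.20.0.5,52044,8080,0,A,3101,9001,502,,nop;nop;TS
5,,,1000000103,ipsec1,match,block,in,4,0x0,,63,7710,0,DF,6,tcp,52,10.20.0.5,192.168.10.20,8080,52044,0,A,9001,3101,1024,,nop;nop;TS
5,,,1000000103,ipsec1,match,block,in,4,0x0,,63,7711,0,DF,6,tcp,52,10.20.0.5,192.168.10.20,8080,52044,0,A,9001,3101,1024,,nop;nop;TS
5,,,1000000103,ipsec1,match,block,in,4,0x0,,63,7712,0,DF,6,tcp,52,10.20.0.5,192.168.10.20,8080,52044,0,A,9001,3101,1024,,nop;nop;TS
5,,,1000000103,ipsec1,match,block,in,4,0x0,,63,7713,0,DF,6,tcp,60,10.20.0.5,192.168.10.20,443,40000,0,S,5000,,64240,,mss
"""


def parse(line):
    """Parse one filterlog line; return None for anything that is not an IPv4 TCP record."""
    f = line.split(",")
    if len(f) <= F_ACK or f[F_IPVER] != "4" or f[F_PROTO] != "tcp":
        return None
    return {
        "iface": f[F_IFACE], "action": f[F_ACTION], "dir": f[F_DIR],
        "src": f[F_SRC], "dst": f[F_DST],
        "sport": int(f[F_SPORT]), "dport": int(f[F_DPORT]),
        "flags": f[F_TCPFLAGS], "seq": f[F_SEQ], "ack": f[F_ACK],
    }


def parse_log(text):
    return [r for r in (parse(l) for l in text.splitlines() if l.strip()) if r]


def blocked_ack_only(records):
    """Blocked segments whose only TCP flag is ACK (no SYN/FIN/RST/PSH)."""
    return [r for r in records if r["action"] == "block" and r["flags"] == "A"]


def repeated_acks(records):
    """Blocked ACK-only segments that repeat the same 4-tuple and seq/ack numbers.

    Identical seq/ack with no payload, logged more than once, is what a
    retransmitted ACK looks like in the firewall log.
    """
    counts = Counter(
        (r["src"], r["sport"], r["dst"], r["dport"], r["seq"], r["ack"])
        for r in blocked_ack_only(records)
    )
    return {key: n for key, n in counts.items() if n > 1}


def correlate(records):
    """For each blocked ACK-only flow, list interfaces where the reverse direction was passed.

    A non-empty list means the firewall let the outbound side of the flow through on
    one interface while dropping the return segments on another.
    """
    passed = defaultdict(set)
    for r in records:
        if r["action"] == "pass":
            passed[(r["src"], r["sport"], r["dst"], r["dport"])].add(r["iface"])
    result = {}
    for r in blocked_ack_only(records):
        reverse = (r["dst"], r["dport"], r["src"], r["sport"])
        key = (r["src"], r["sport"], r["dst"], r["dport"], r["iface"])
        result[key] = sorted(passed.get(reverse, ()))
    return result


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for flow, n in repeated_acks(recs).items():
        print(f"{n}x blocked ACK-only retransmit: {flow}")
    for flow, ifaces in correlate(recs).items():
        print(f"blocked on {flow[4]}: {flow[:4]} reverse passed on {ifaces or 'nothing'}")
```

Feed it the raw filter log instead of the constructed sample to reproduce the check on real data; on the wire, tcpdump's `'tcp[tcpflags] == tcp-ack'` filter selects the same ACK-only segments for a capture on the tunnel interface.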