Netgate Discussion Forum

    Problem with AH Packets in Bridged Mode Filtering

      florut

      Hello,

      I have the following setup to connect offices to our main office:

      Main-Net  -- Router Cisco 2811 ---- Firewall -----Internet ------ Router Cisco 1812 ---- Office-Net

      ......and everything works fine.

      The tunnel is ipsec encrypted.

      For security reasons I want to do the following:

      Main-Net  -- Router Cisco 2811 ---- Firewall -----Internet ------ pfsense with transp. FW ---- Router Cisco 1812 ---- Office-Net

      Now my problem:
      The tunnel comes up. "show crypto session" says "Up Active"
      The pfsense Firewall-Log stays quiet.
      Incoming AH packets are forwarded, but manipulated.
      The Identification header changed from 0x1b3 to 0x9a4 (in IP).
      These packets are ignored by the router, so that there is no communication possible.
      Every other bit in the packet is the same (excluding checksums).
      Deactivating packet filtering solves the problem (but that is not what I want to do).

      Please help me to fix this problem.

      Florian
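
Why the receiving router ignores AH packets whose IP Identification was rewritten, as an added example that is not part of the original post: under RFC 4302 the AH integrity check value covers the outer IPv4 header with only the mutable fields (DSCP/ECN, flags, fragment offset, TTL, header checksum) zeroed, so Identification is authenticated. The key, addresses, SPI, payload and the choice of HMAC-SHA1-96 are assumptions; only the two ID values come from the post.

```python
import hashlib, hmac, struct

KEY = b"constructed-demo-key"      # constructed; the real SA key is not on the page
SRC, DST = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])   # constructed addresses
ICV_OFF, ICV_LEN = 32, 12          # IPv4 header (20) + fixed AH fields (12); HMAC-SHA1-96 assumed

def ip_checksum(hdr: bytes) -> int:   # ones'-complement sum over a 20-byte IPv4 header
    s = sum(struct.unpack("!10H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def fix_checksum(pkt: bytearray) -> bytes:
    pkt[10:12] = b"\x00\x00"
    pkt[10:12] = struct.pack("!H", ip_checksum(bytes(pkt[:20])))
    return bytes(pkt)

def ah_icv(pkt: bytes) -> bytes:
    """ICV input per RFC 4302: mutable IPv4 fields and the ICV field are zeroed."""
    b = bytearray(pkt)
    b[1] = 0                        # DSCP/ECN (mutable)
    b[6:8] = b"\x00\x00"            # flags + fragment offset (mutable)
    b[8] = 0                        # TTL (mutable)
    b[10:12] = b"\x00\x00"          # header checksum (mutable)
    b[ICV_OFF:ICV_OFF + ICV_LEN] = bytes(ICV_LEN)
    return hmac.new(KEY, bytes(b), hashlib.sha1).digest()[:ICV_LEN]

def build_packet(ident: int, ttl: int = 64) -> bytes:
    payload = b"constructed inner packet"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + 12 + ICV_LEN + len(payload), ident, 0x4000, ttl, 51, 0, SRC, DST)
    ah = struct.pack("!BBHII", 4, 4, 0, 0x1000, 1) + bytes(ICV_LEN)  # SPI/seq constructed
    pkt = bytearray(ip + ah + payload)
    pkt[ICV_OFF:ICV_OFF + ICV_LEN] = ah_icv(bytes(pkt))
    return fix_checksum(pkt)

def forward(pkt: bytes, ident=None, ttl=None) -> bytes:
    """Model a device in the path that changes a header field and fixes the checksum."""
    b = bytearray(pkt)
    if ident is not None:
        b[4:6] = struct.pack("!H", ident)   # Identification is NOT zeroed by ah_icv
    if ttl is not None:
        b[8] = ttl
    return fix_checksum(b)

def verify(pkt: bytes) -> bool:   # receiver side: recompute ICV, compare in constant time
    return hmac.compare_digest(pkt[ICV_OFF:ICV_OFF + ICV_LEN], ah_icv(pkt))

if __name__ == "__main__":
    sent = build_packet(0x1b3)
    print(verify(sent), verify(forward(sent, ttl=63)), verify(forward(sent, ident=0x9a4)))
```

The rewritten packet still carries a valid IP header checksum, which matches the observation that only the ID and checksums differ, yet it fails AH verification at the receiver.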
