IPsec: pfSense <-> WatchGuard BOVPN
-
Hello,
I have an IPsec tunnel mounted between a pfSense firewall and a WatchGuard (BOVPN) firewall. The two firewalls are configured in exactly the same way:
Phase 1 :
Key Exchange version : IKEv2
Auth method : Mutual PSK
My identifier : My IP address
Peer identifier : Peer IP address
Encryption:
- Algo : AES
- Key length : 128 bits
- Hash : SHA256
- DH Group : 14 (2048 bits)
Life Time : 28800
Phase 2 :
Mode : tunnel IPV4
Protocol : ESP
Encryption Algo : AES 128 bits
Hash Algo : SHA256
PFS key group : 14 (2048 bit)
Life Time : 28800
Rekey Time : 25200

Phase 1 is working perfectly. The problem comes from phase 2: when phase 2 is initialized (thanks to a ping, for example, from the network on the WatchGuard side to the pfSense network), phase 2 comes up well. But when the ping is in the opposite direction (pfSense network to the WatchGuard network), the ping does not work and phase 2 does not start. We cannot find any log of an attempt to initiate on the WatchGuard or pfSense side.
The WatchGuard firewall does allow ports 500 and 4500, and the ESP protocol. Can you explain to me why it works one way and not the other? Thank you in advance for your help.
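To reason about the "works in one direction only, and nothing is logged" symptom, here is an added example (not code from the original post, nor from pfSense or WatchGuard) that models the three steps an IKEv2 site-to-site tunnel goes through when it is brought up on demand: proposal selection for Phase 1 and Phase 2 (RFC 7296 section 3.3), on-demand initiation from the local policy (a packet only triggers IKE if some Phase 2 policy covers it, otherwise nothing is sent and nothing is logged), and responder-side traffic-selector narrowing (RFC 7296 section 2.9). The gateway names, subnets and proposal lists are constructed; the scenario deliberately gives one side a Phase 2 entry the other side lacks, which is one hypothetical cause that reproduces the asymmetry described above, not a claim about the poster's actual setup.

```python
"""Added example: a small model of IKEv2 on-demand tunnel setup, used to reason
about "Phase 2 only comes up from one side".  All names, subnets and proposal
lists are constructed for the example; nothing here is pfSense or WatchGuard code.
"""
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Optional

# A proposal is written as ("AES128", "SHA256", "DH14"), like the post's settings.
Proposal = tuple[str, str, str]


@dataclass
class Phase2Policy:
    local: IPv4Network   # network behind this gateway
    remote: IPv4Network  # network behind the peer


@dataclass
class Gateway:
    name: str
    p1_proposals: list[Proposal]
    p2_proposals: list[Proposal]
    policies: list[Phase2Policy] = field(default_factory=list)


def select_proposal(initiator: list[Proposal], responder: list[Proposal]) -> Optional[Proposal]:
    """Responder picks the first initiator proposal it also accepts, else None."""
    accepted = set(responder)
    return next((p for p in initiator if p in accepted), None)


def find_trigger_policy(gw: Gateway, src: IPv4Address, dst: IPv4Address) -> Optional[Phase2Policy]:
    """Initiator-side policy lookup: a packet triggers IKE only if some Phase 2
    policy covers src (local side) and dst (remote side).  No match, no IKE."""
    for pol in gw.policies:
        if src in pol.local and dst in pol.remote:
            return pol
    return None


def narrow(ts_i: IPv4Network, ts_r: IPv4Network, responder: Gateway) -> Optional[tuple[IPv4Network, IPv4Network]]:
    """Responder-side narrowing: its own local network must overlap TSr and its
    remote network must overlap TSi.  For two overlapping CIDR blocks the one
    with the longer prefix is their intersection, so that is what is installed."""
    longer = lambda a, b: a if a.prefixlen >= b.prefixlen else b
    for pol in responder.policies:
        if ts_r.overlaps(pol.local) and ts_i.overlaps(pol.remote):
            return (longer(ts_i, pol.remote), longer(ts_r, pol.local))
    return None


def bring_up(initiator: Gateway, responder: Gateway, src: str, dst: str) -> str:
    """Simulate a packet from src to dst (both behind `initiator`'s side of the
    world) trying to open the tunnel, and report where the attempt stops."""
    pol = find_trigger_policy(initiator, ip_address(src), ip_address(dst))
    if pol is None:
        return "no-policy"            # dropped or routed normally; IKE never starts
    if select_proposal(initiator.p1_proposals, responder.p1_proposals) is None:
        return "p1-no-proposal"
    if select_proposal(initiator.p2_proposals, responder.p2_proposals) is None:
        return "p2-no-proposal"
    if narrow(pol.local, pol.remote, responder) is None:
        return "p2-ts-unacceptable"   # responder answers TS_UNACCEPTABLE
    return "up"


def mirrored(a: Gateway, b: Gateway) -> bool:
    """Each side's Phase 2 policies must be the other's with local/remote swapped."""
    return {(p.local, p.remote) for p in a.policies} == {(p.remote, p.local) for p in b.policies}


# Constructed scenario: identical proposals on both sides (as in the post), but the
# WatchGuard side carries one extra Phase 2 entry that the pfSense side does not.
P1 = [("AES128", "SHA256", "DH14")]
P2 = [("AES128", "SHA256", "PFS14")]
pfsense = Gateway("pfsense", P1, P2, [
    Phase2Policy(ip_network("10.1.0.0/24"), ip_network("10.2.0.0/24")),
])
watchguard = Gateway("watchguard", P1, P2, [
    Phase2Policy(ip_network("10.2.0.0/24"), ip_network("10.1.0.0/24")),
    Phase2Policy(ip_network("10.2.0.0/24"), ip_network("10.1.1.0/24")),  # not on pfSense
])

if __name__ == "__main__":
    print(bring_up(watchguard, pfsense, "10.2.0.5", "10.1.0.5"))   # up
    print(bring_up(pfsense, watchguard, "10.1.1.5", "10.2.0.5"))   # no-policy: silent
    print(bring_up(watchguard, pfsense, "10.2.0.5", "10.1.1.5"))   # p2-ts-unacceptable
    print(mirrored(pfsense, watchguard))                             # False
```

The point of the `no-policy` branch is that it is the only outcome in which neither gateway writes an IKE log line, which is exactly the symptom reported above; a proposal or traffic-selector mismatch, by contrast, shows up on at least one side. Checking `mirrored()` against both gateways' actual Phase 2 entries (each local/remote pair on one side must appear swapped on the other) is the first thing to verify when a tunnel negotiates from one direction only.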
-
@yguerchet The topic is old, but I solved it by enabling "split connection".