IPSEC connection failed with SYN_SENT:CLOSED message
-
I have an IPSEC tunnel configured between my Azure network and a customer's private network. Phase-1 of the tunnel is established between fixed/public IP addresses. Phase-2 is established between local/internal IP addresses; there are 3 Phase-2 connections, one of which is used only for a file read connection via SFTP. An interesting detail is that the Phase-2 connection for SFTP, on my client's side, is defined using a public IP address (in the range 200.xx.xx.xx.xx) on their side, to a local IP address on my side.
A client application needs to get a file from a server on my network using the SFTP protocol, but when trying to connect, his application does not reach my server (receives a time-out), because my pfSense Firewall stops the connection with a SYN_SENT:CLOSED message.
The Internet connection to my Azure network all goes through the VM with pfSense (version 2.5.2), where the VPN tunnel is configured, and which is assigned the public IP address used for the Phase-1 connection. In this Azure network, and behind the firewall, I have a Windows server with an SFTP application, with the internal firewall turned off. The Azure NSG assigned to that virtual machine has all ports open.
What fault could be causing the communication failure? I understand that the SYN_SENT message occurs when there is an asynchronous connection problem, but no Phase-1 or Phase-2 parameter has any odd value or refers to synchronization.
Please, I would appreciate any help you can give me with this problem.
-
@alejjime Reviewing the pfSense configuration of my Azure network, I noticed the time zone was different than that of my client's servers, and I have already changed it, as well as that of my Windows server with the SFTP application, so they are already synchronized with my client's servers.
I made that adjustment thinking that the date/time difference might generate an asynchrony problem, but the problem persists.