Netgate Discussion Forum
    Can't access Webpage over IPSec

    Category: IPsec | 1 post | 448 views

    rebelscum wrote:

      I have a site-to-site IPSec tunnel set up with a vendor. They have a Palo Alto on the other end. Phase 1 connects with no problem. I'm attempting to gain access to 2 webpages sitting on their side. I have a phase 2 entry for each. I am using the NAT field to present my WAN IP for both entries. This is all in tunnel mode for now.

      One of them I can access, one of them I cannot. In pfSense, I can see my NAT'd address leaving and trying to reach the destination server IP. It leaves with protocol TCP:S and occasionally TCP:SEC. The interface in the log shows the IPSEC interface is being used and the traffic leaves. One site comes back no problem, the other doesn't even give a reply.

      To add more context, the vendor is in the process of taking this site off the public Internet and that is why we're testing this IPSec tunnel. Strangely, I can run a packet capture with Wireshark to the site in question over the public Internet, and all looks good. I run a packet capture when trying to cross the IPSec tunnel and my side presents TLSv1 first before moving to TLSv2. My client machine only has TLSv2 enabled though.

      Other than the vendor side blocking me, any idea at all what could be changed on my side that could improve my chances of a successful connection to my vendor?

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.