Can't access Webpage over IPSec
I have a site-to-site IPSec tunnel set up with a vendor. They have a Palo Alto on the other end. Phase 1 connects with no problem. I'm attempting to gain access to 2 webpages sitting on their side. I have a phase 2 entry for each. I am using the NAT field to present my WAN IP for both entries. This is all in tunnel mode for now.
One of them I can access, one of them I cannot. In pfSense, I can see my NAT'd address leaving and trying to reach the destination server IP. It leaves with protocol TCP:S and occasionally TCP:SEC. The interface in the log shows the IPSEC interface is being used and the traffic leaves. One site comes back no problem; the other doesn't even give a reply.
To add more context, the vendor is in the process of taking this site off the public Internet and that is why we're testing this IPSec tunnel. Strangely, I can run a packet capture with Wireshark to the site in question over the public Internet, and all looks good. I run a packet capture when trying to cross the IPSec tunnel and my side presents TLSv1 first before moving to TLSv2. My client machine only has TLSv2 enabled though.
Other than the vendor side blocking me, any idea at all what could be changed on my side that could improve my chances of a successful connection to my vendor?
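One way to check what a capture is really showing for the TLS version, as an added example that is not part of the original post: a small Python parser that reads the three version fields of a raw TLS ClientHello (record layer, handshake body, and the supported_versions extension) from a constructed sample, so a "TLSv1" label on the record layer can be told apart from the versions the client actually offers. The sample bytes, the function names and the cipher-suite choice are constructed for this example.

```python
"""Read the version fields of a raw TLS ClientHello (added example, not from the
original post). Capture tools often label a ClientHello by its record-layer version
(commonly 0x0301 = TLS 1.0 for compatibility) even when the handshake body and the
supported_versions extension offer newer versions; this reports all three."""
import struct

VERSION_NAMES = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
SUPPORTED_VERSIONS_EXT = 43  # extension type from RFC 8446

def parse_client_hello(data: bytes) -> dict:
    """Return the record, handshake and supported_versions values by name."""
    if len(data) < 9 or data[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    record_version, record_len = struct.unpack("!HH", data[1:5])
    body = data[5:5 + record_len]
    if body[0] != 0x01:
        raise ValueError("not a ClientHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    handshake_version = struct.unpack("!H", hello[0:2])[0]
    pos = 2 + 32                                            # skip client_random
    pos += 1 + hello[pos]                                   # session_id
    pos += 2 + struct.unpack("!H", hello[pos:pos + 2])[0]   # cipher_suites
    pos += 1 + hello[pos]                                   # compression_methods
    supported = []
    if pos + 2 <= len(hello):                               # extensions are optional
        end = pos + 2 + struct.unpack("!H", hello[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
            pos += 4
            if etype == SUPPORTED_VERSIONS_EXT:             # body: 1-byte list length
                lst = hello[pos + 1:pos + elen]
                supported = [struct.unpack("!H", lst[i:i + 2])[0]
                             for i in range(0, len(lst), 2)]
            pos += elen
    name = lambda v: VERSION_NAMES.get(v, hex(v))
    return {"record_version": name(record_version),
            "handshake_version": name(handshake_version),
            "supported_versions": [name(v) for v in supported]}

def build_sample_client_hello() -> bytes:
    """Constructed sample: TLS 1.0 record layer, TLS 1.2 handshake version,
    supported_versions listing TLS 1.3 then TLS 1.2; one cipher suite, no SNI."""
    ext = struct.pack("!HH", SUPPORTED_VERSIONS_EXT, 5) + b"\x04\x03\x04\x03\x03"
    hello = (b"\x03\x03" + b"\x00" * 32 + b"\x00"            # version, random, session_id
             + b"\x00\x02\x13\x01" + b"\x01\x00"             # TLS_AES_128_GCM_SHA256, null
             + struct.pack("!H", len(ext)) + ext)
    body = b"\x01" + len(hello).to_bytes(3, "big") + hello   # HandshakeType client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(body)) + body
```

To check a real capture, export the first TLS record of the client's first packet as raw bytes and pass it to parse_client_hello; if supported_versions or the handshake version is 1.2 or newer, the record-layer "TLSv1" label is not the client downgrading.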