IPsec Tunneling
-
I have the topology as shown in the diagram. I have established an IPsec connection from FW1 to FW3 and the tunnels are UP.
Also, I have added rules on the IPsec interface to allow any-any on both firewalls.
I have added rules in FW2 to allow ports 4500 and 500.
The problem is that I cannot ping from one site to another (neither the PCs nor the FWs).
-
@thanosg
Do you see your tunnels established properly in Status > IPsec > SPDs? If so, probably your devices block the access. Remember that devices by default block access from outside of their local subnet. You will have to allow it in each PC's firewall.
-
The screenshots show the tunnel status. In my eyes it seems ok.
The PCs on both ends have Linux Mint with no specific firewall rules.
-
@thanosg
A Linux firewall blocks remote access by default as well.
Disable it and try, or sniff the traffic in pfSense on the involved interfaces to investigate the issue.
-
@viragomann the Mint firewalls on both ends are allow any any.