4. Disable filtering/scrubbing through VPN - How?

Disable filtering/scrubbing through VPN - How?

  • S

    I have a site-to-site VPN as a fallback/backup link between three sites in a full mesh. The primary link is through (unreliable) MPLS.

    At each site I have Cisco routers that track the far side MPLS routers using IP SLA monitor. If the MPLS link goes down, the routers flips the routes to the pfSense firewalls for traffic to be routed over the VPN.

    The VPNs are kept alive at all time through keep-alive. I have verified that they do stay up.

    The Cisco side of the setup works well.

    My problem is that all established TCP sessions drop when the route flips from the MPLS to the VPN. It appears that pfSense does a TCP state inspection of the packet and drops the packet because it did not see the session establish through it. I have verified this through different packet captures.

    Turning off scrubbing and packet filtering has no effect.

    This is through IPSec VPN. I have not tried OpenVPN.

    Ideas?

    0
  • S

    Gave up on trying to do this. Instead created tunnel interfaces on the ciscos and am letting MPLS failover to GRE tunnels. Working surprising well. Doing port forwarding for GRE for the IP of hte router. Wanted to keep all the router IPs behind the firewall.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy