Unable to communicate both ways on active IPSEC VPN

  • Hi, I've got a problem with my pfSense IPsec IKE/PSK VPN to a remote Cisco over the public internet. The tunnel forms properly, and I'm getting routing from the pfSense to the Cisco's network; however, the Cisco can't route into the pfSense network.

    I can ping, nmap, RDP, etc. from the pfSense to the Cisco network. When I ping from the Cisco network to a host on my pfSense network, a block entry is generated in the log on an interface (ENC0) I can't find anywhere else in the pfSense interface, with the internal IP of the pinging host as the source. Clicking the X, I have the rule `@66 block drop in log quick all label "Default deny rule"`. I cannot find any entry for this "Default deny rule".

    I've also tried the option allowing traversal of packets from one network to another over the same interface; I don't have my pfSense available to me right now (at work) otherwise I'd check the exact name. I've also enabled an

    How might I allow two-way traversal between my networks? Something I'm missing?

  • Sorry if this is stating the obvious, but have you created an allow rule on the Firewall > Rules > IPsec tab?
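To make the rule ordering behind that advice concrete, here is a constructed pf ruleset fragment (an added illustration for this thread, not pfSense's actual generated configuration and not from either poster). The network addresses and the rule label are placeholders; the default deny line is the one quoted in the question.

```pf
# Constructed example, not pfSense's generated ruleset.
# Placeholder networks: 192.0.2.0/24 is the local (pfSense) LAN,
# 198.51.100.0/24 is the remote network behind the Cisco.
local_net  = "192.0.2.0/24"
remote_net = "198.51.100.0/24"

# Decrypted IPsec traffic arrives on the enc0 interface, so the rule
# that permits it must match on enc0, not on WAN or LAN.
# "quick" stops evaluation at the first match, so this pass rule has
# to sit ABOVE the default deny; pfSense places rules from the
# Firewall > Rules > IPsec tab before it.
pass in quick on enc0 inet from $remote_net to $local_net keep state label "USER_RULE: allow remote site over IPsec"

# Without such a rule, evaluation falls through to the catch-all below,
# which produces the logged block entries with the remote host as source.
block drop in log quick all label "Default deny rule"
```

On the pfSense shell, `pfctl -sr | grep enc0` lists the rules currently loaded for the IPsec interface, which is a quick way to confirm whether any pass rule exists there before the default deny.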

  • I had this problem as well. I had opened port 500 on the remote firewall, but had not opened port 500 on my firewall for the return encrypted connection.

    Hope this helps,
