Netgate Discussion Forum
    Unable to communicate both ways on active IPSEC VPN

    • caimlas

      Hi, I've got a problem with my pfSense IPsec IKE/PSK VPN to a remote Cisco over the public internet. The tunnel forms properly, and I'm getting routing from the pfSense to the Cisco's network; however, the Cisco can't route into the pfSense network.

      I can ping, nmap, RDP, etc. from the pfSense to the Cisco network. When I ping from the Cisco network to a host on my pfSense network, a block entry is generated in the log on an interface (ENC0) I can't find anywhere else in the pfSense interface, with the internal IP of the pinging host as the source. Clicking the X, I see the rule "@66 block drop in log quick all label "Default deny rule"". I cannot find any entry for this "Default deny rule".

      I've also tried the option allowing traversal of packets from one network to another over the same interface; I don't have my pfSense available to me right now (at work) otherwise I'd check the exact name. I've also enabled an

      How might I allow two-way traversal between my networks? Something I'm missing?

      • Gob

        Sorry if this is stating the obvious, but have you created an allow rule on the Firewall | Rules | IPSEC tab?

        If I fix one more thing than I break in a day, it's a good day!

        • ZappedC64
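The symptom in the question (inbound traffic on enc0 hitting the default deny rule) and the fix in this reply (an allow rule on the IPsec tab) can be checked from the firewall log. The following is an added example, not code from the thread or from pfSense: it parses filterlog lines in pfSense's CSV layout and reports inbound blocks on an enc* interface, which is exactly what a missing IPsec-tab rule looks like. The log lines, tracker ids and addresses are constructed samples.

```python
from dataclasses import dataclass

# Constructed sample lines in the pfSense filterlog CSV layout:
# rule,subrule,anchor,tracker,iface,reason,action,dir,ipver, then for IPv4
# tos,ecn,ttl,id,offset,flags,proto_id,proto,length,src,dst, then L4 fields.
# Line 1 mirrors the thread: rule @66, default deny, inbound on enc0 (IPsec).
SAMPLE_LOG = """\
Mar 10 12:00:01 fw filterlog: 66,,,1000000103,enc0,match,block,in,4,0x0,,64,31337,0,DF,1,icmp,84,192.168.50.10,10.0.0.5,request,4321,1
Mar 10 12:00:02 fw filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,53,1,0,none,6,tcp,60,203.0.113.7,198.51.100.2,4444,22,0,S,1000,,65535,,mss
Mar 10 12:00:03 fw filterlog: 90,,,1640000001,enc0,match,pass,in,4,0x0,,64,31338,0,DF,6,tcp,60,192.168.50.10,10.0.0.5,50000,3389,0,S,2000,,65535,,mss
"""


@dataclass
class FilterEvent:
    rule: str
    tracker: str
    iface: str
    action: str
    direction: str
    proto: str
    src: str
    dst: str


def parse_filterlog_line(line: str):
    """Parse one syslog line; returns None for non-filterlog or non-IPv4 lines."""
    if "filterlog: " not in line:
        return None
    f = line.split("filterlog: ", 1)[1].split(",")
    if len(f) < 20 or f[8] != "4":  # only the IPv4 field layout is handled
        return None
    return FilterEvent(rule=f[0], tracker=f[3], iface=f[4], action=f[6],
                       direction=f[7], proto=f[16], src=f[18], dst=f[19])


def find_ipsec_default_denies(log_text: str):
    """Return inbound blocks on enc* interfaces: traffic that arrived through
    the IPsec tunnel but had no allow rule on the IPsec tab to match."""
    hits = []
    for line in log_text.splitlines():
        ev = parse_filterlog_line(line)
        if ev and ev.action == "block" and ev.direction == "in" and ev.iface.startswith("enc"):
            hits.append(ev)
    return hits


if __name__ == "__main__":
    for ev in find_ipsec_default_denies(SAMPLE_LOG):
        print(f"rule @{ev.rule} blocked {ev.proto} {ev.src} -> {ev.dst} on {ev.iface}; "
              "add an allow rule on Firewall > Rules > IPsec for this source/destination")
```

On a live box the same check can be run against the output of `clog /var/log/filter.log`; a block on enc0 from the remote subnet is the signature of a tunnel that is up but has no IPsec-tab pass rule.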

          I had this problem as well. I had opened port 500 on the remote firewall, but had not opened port 500 on my firewall for the return encrypted connection.

          Hope this helps,
          -=Zapped=-

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.