Netgate Discussion Forum

ENC0 blocking when ipsec is open

nambi, last edited Sep 14, 2010, 11:38 PM

    My Active Directory will not populate from my trusted domain through my IPsec tunnel.

    Each time I try to pull objects out of my remote domain, my pfSense logs show the following. My WatchGuard is on 192.168.2.2; my pfSense (70...48) = 192.168.1.2.

    Sep 14 19:35:02 NG0 206.111.140.12 70...48 ICMP
    Sep 14 19:35:02 NG0 206.111.140.12 70...48 ICMP
    Sep 14 19:35:01 NG0 206.111.140.12 70...48 ICMP
    Sep 14 19:34:47 WAN 192.168.1.50 224.0.0.1 IGMP
    Sep 14 19:33:46 WAN 192.168.1.50 224.0.0.1 IGMP
    Sep 14 19:32:46 WAN 192.168.1.50 224.0.0.1 IGMP
    Sep 14 19:32:00 ENC0 192.168.2.34:1041 192.168.1.103:161 UDP
    Sep 14 19:31:54 ENC0 192.168.2.34:1041 192.168.1.103:161 UDP
    Sep 14 19:31:48 ENC0 192.168.2.34:1041 192.168.1.103:161 UDP
    Sep 14 19:31:46 WAN 192.168.1.50 224.0.0.1 IGMP
    Sep 14 19:31:42 ENC0 192.168.2.34:1041 192.168.1.103:161 UDP
    Sep 14 19:31:30 ENC0 192.168.2.34:1041 192.168.1.103:161 UDP
    Sep 14 19:31:25 NG0 208.93.105.8 70...48 ICMP
    Sep 14 19:31:25 NG0 208.93.105.8 70...48 ICMP
    Sep 14 19:31:24 ENC0 192.168.2.34:1041 192.168.1.103:161 UDP
    Sep 14 19:31:24 NG0 208.93.105.8 70...48 ICMP
    Sep 14 19:31:18 ENC0 192.168.2.34:1041 192.168.1.103:161 UDP
    Sep 14 19:31:13 ENC0 192.168.2.2:1435 192.168.1.2:389 UDP
    Sep 14 19:31:12 ENC0 192.168.2.34:1041 192.168.1.103:161 UDP

    When I remove my pfSense box and hook up my WatchGuard I have no issues; the objects populate. Can someone please tell me how to create a rule to allow this to pass? I am stumped. I have been working on these rules for a long time and I just don't know what else to try.

    Any advice is greatly appreciated.

    Even when I set all to all, any to any, the logs are similar.

jimp, Rebel Alliance Developer, Netgate, last edited Sep 15, 2010, 1:00 PM

      Double check your rule on IPsec. Is it really an any/any rule, or is the protocol set for TCP instead of any?

      All of the blocks on enc0 are UDP, which makes me think that your rule on the IPsec interface is not set to allow UDP.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

nambi, last edited Sep 15, 2010, 1:06 PM
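The check in the reply above (scan the enc0 block entries and see which protocol they share) can be automated against a saved copy of the firewall log. What follows is an added example written for this thread; it is not code from the forum, from pfSense or from Netgate. It parses the log layout the first post shows (timestamp, interface, source, destination, protocol), counts blocked flows per interface by protocol and destination port, and lists which protocols each interface is dropping. The sample lines are constructed on the thread's pattern, with a documentation address (203.0.113.48) standing in for the public IP the post elides; the `SAMPLE_LOG`, `summarize` and `blocked_protocols` names are this example's own.

```python
"""Summarise pfSense firewall-log block entries per interface.

Added example for the thread above (not pfSense code). Given log lines of
the form "<timestamp> <interface> <src>[:port] <dst>[:port] <proto>", it
reports which protocols and destination ports are being blocked on each
interface, so a rule that allows TCP but not UDP on the IPsec (enc0)
interface shows up immediately.
"""
import re
from collections import Counter, defaultdict

# Constructed sample, shaped like the excerpt in the first post. The
# public address is a documentation address, not the poster's real one.
SAMPLE_LOG = """\
Sep 14 19:35:02 NG0 206.111.140.12 203.0.113.48 ICMP
Sep 14 19:34:47 WAN 192.168.1.50 224.0.0.1 IGMP
Sep 14 19:32:00 ENC0 192.168.2.34:1041 192.168.1.103:161 UDP
Sep 14 19:31:54 ENC0 192.168.2.34:1041 192.168.1.103:161 UDP
Sep 14 19:31:13 ENC0 192.168.2.2:1435 192.168.1.2:389 UDP
Sep 14 19:31:12 ENC0 192.168.2.34:1041 192.168.1.103:161 UDP
"""

# One log entry: syslog-style timestamp, interface, src, dst, protocol.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<iface>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<proto>\S+)$"
)


def split_endpoint(endpoint):
    """Split 'host:port' into (host, port); port is None when absent (ICMP, IGMP).

    IPv4 only: an unbracketed IPv6 address would be split at its last colon.
    """
    host, sep, port = endpoint.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return endpoint, None


def parse_line(line):
    """Return a dict for one log line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    src_host, src_port = split_endpoint(m["src"])
    dst_host, dst_port = split_endpoint(m["dst"])
    return {
        "ts": m["ts"],
        "iface": m["iface"].upper(),
        "src": src_host, "sport": src_port,
        "dst": dst_host, "dport": dst_port,
        "proto": m["proto"].upper(),
    }


def summarize(log_text):
    """Count blocked flows per interface, keyed by (protocol, destination port)."""
    per_iface = defaultdict(Counter)
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry:
            per_iface[entry["iface"]][(entry["proto"], entry["dport"])] += 1
    return dict(per_iface)


def blocked_protocols(log_text):
    """Map each interface to the set of protocols seen blocked on it."""
    return {
        iface: {proto for proto, _ in counts}
        for iface, counts in summarize(log_text).items()
    }


def report(log_text):
    """Human-readable table: interface, protocol, destination port, count."""
    rows = []
    for iface, counts in sorted(summarize(log_text).items()):
        for (proto, dport), n in counts.most_common():
            port = "-" if dport is None else str(dport)
            rows.append(f"{iface:5} {proto:5} dport={port:<5} blocked={n}")
    return "\n".join(rows)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it against a pasted log and look at the ENC0 rows: if every entry is UDP (here LDAP on 389 and SNMP on 161), the pass rule on the IPsec interface is almost certainly restricted to TCP, which is the mistake the reply points at.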

        Do I need to create any IPsec rules? Any computer that connects through IPsec I have authorized anyway, therefore I allow them full access to the system?

        Don't rules just start adding restrictions? So if I had no rules listed, would it be fully open for anyone connecting through IPsec?

        Or by default are the common ports blocked?

        Thanks

jimp, Rebel Alliance Developer, Netgate, last edited Sep 15, 2010, 1:54 PM

          Everything is blocked by default.

          If you want to allow access in across the tunnel, you need rules on the tunnel interface.


          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.