ONe Way kinda?

  • pfsense –- IPSEC ----- PIX

    I can ping from the pfSense side into the PIX side and recieve icmp reply.

    If I ping from the PIX network to the pfsense I get request timed out. I cannot connect to any users on the pfsense side coming from the PIX side.

    I am running 1.2 bet1.

    I do not remember making a change to allow the pfSense (1.0.1) to allow icmp or connectivity coming from the remote end??

    Maybe I missed something.

  • Do you have rule on your IPsec interface in the firewall?

    With 1.2 IPsec is firewallable.

  • I think so…..I will take a look once I get a machine from the remote site to connect so I can then connect to them and log into the box.

    Do you have a sample of what it should look like.

    I know with the PIX you create an accesslist to ensure all traffic going to the destination is encrytped. I just do not remember having to do this with pfsense (1.0.1)

  • IPSEC filtering is a new feature of 1.2. 1.0.1 was always passing all incoming IPSEC traffic. If you upgrade from an old version we'll installa pass any rule at IPSEC so things will work the way they did like with 1.0.1. However, if you do a fresh install of 1.2 this rule is not present which means everything incoming through a tunnel will be blocked by default. Just create a rule at firewall>rules, IPSEC to allow the desired traffic.

Log in to reply