IPSec and NAT

Hi... I have a question (or two) for the brilliant minds here. I am having some trouble here with my ATT Microcell... it's been down now for 4 months (3 months before I put the pfSense online) and finally today we made some headway on getting it to authorize. It had been working for over a year prior to failing to activate.

Now the question: today I had an ATT network tech online and he watched the sequence. He is saying that the only error he had come back was "IPSec tunnel failed to start".

I tried to run this on its own dedicated port, set it up plain vanilla, set NAT including one for ISAKMP port 500. Set the firewall rule for all, all, all, etc. WAN to LAN and the same on LAN to WAN... wouldn't even show on their system... went back, bridged WAN to LAN (transparent), set DHCP on, disabled NAT, set WAN to LAN all open, LAN to WAN all open... still they couldn't see it... I could ping from LAN to WAN and WAN to LAN no problem... but they couldn't see it try to activate on their systems... finally moved it over to my HOME LAN port and they finally saw it trying to activate... Said it must be pfSense blocking the IPSec tunnel (it was on the same box, just a different port, and didn't have any port forwards set for MCell ports). I'm not sure they consciously realized that.

I don't think this is the issue, but that's their take on it.

OK, I checked and didn't have racoon started during all this, so I repeated the activation steps again, this time with racoon enabled. Same issue... racoon or no racoon. From what I know, since the MCell is Cisco SuperSecret IPSec, it doesn't need pfSense's version of IPSec enabled as it does its own thing... the only time I see a need for racoon is setting up your own IPSec tunnel. I had checked all the NATs and firewall rules (they are virtually wide open for anything)...

Am I missing something here? From what I have read, IPSec will normally traverse a firewall without really having any port forwards and will use one or both of ports 500 UDP and/or 4500 UDP (the ones the MCell has to have, supposedly). As long as the firewall rules allow it, they will.

So could someone edumacate me on IPSec in pfSense (does it support it, etc.), and if my research is flawed, let me know where.

They are trying to say it is my "fancy firewall" causing problems (even though the problems started on an old Netgear WNR2000 router and a single switch), all this 3 months before I went live with my pfSense box, which I played with hooked up to the old system long before I took it live and online.

Thanks