New IPSEC Tunnel ISAKMP Rule Not Being Auto Created



  • Good morning,

    I am experiencing an issue with a FW running 2.2.3 where I create a new VPN tunnel and I am only able to initiate traffic from the local side.  The remote side is unable to initiate traffic.

    If I run pfctl -sr I do not see an auto added rule for the new tunnel.

    If I create a rule on the WAN interface to allow port 500 UDP from the remote endpoint to my firewall the tunnel is able to be initiated from the remote end.

    Am I doing something wrong when building this tunnel or is this a bug?

    Thank you.

    Alex