IPSec Amazon VPC / IPSec Firewall / IPSec SSH (2.2.3)
-
Hello community,
I established the IPSec VPN connection to our VPC successfully, but we have a strange behaviour :(.
(For network architecture see attached file)
Issue 1 Ping/SSH
Ping from Host SN0 to Instance (10.0.7.64) in VPC works
SSH from Host SN0 to Instance (10.0.7.64) in VPC works
Ping from Host SN12 to Instance (10.0.7.64) in VPC works
SSH from Host SN12 to Instance (10.0.7.64) in VPC doesn't work
But some Linux servers (SN0) (all have the same default gateway) can't ping instances (host unreachable).
Security Group from the Instances allow all traffic from our internal network
All traffic under "Firewall -> IPSec" is allowed.
Issue 2 Firewall (solved)
If the rule is deleted, all traffic should be blocked, shouldn't it? But ping and SSH still work. I don't understand this.
Issue 3 Phase 2
If I create more than 2 phase 2 entries, the tunnels get closed, so pfSense cannot hold more than 2 tunnels. Is there a solution? We don't want to allow all clients access to the VPN tunnel, only 2 subnets. Usually I would create an additional phase 2 entry for every subnet.
I hope you can help me.