IPSec Amazon VPC / IPSec Firewall / IPSec SSH (2.2.3)
I established the IPSec VPN connection to our VPC successfully, but we have a strange behaviour :(.
(For network architecture see attached file)
Issue 1 Ping/SSH
Ping from Host SN0 to Instance (10.0.7.64) in VPC works
SSH from Host SN0 to Instance (10.0.7.64) in VPC works
Ping from Host SN12 to Instance (10.0.7.64) in VPC works
SSH from Host SN12 to Instance (10.0.7.64) in VPC doesn't work
But some Linux servers (SN0) (all have the same default gateway) can't ping instances (host unreachable).
Issue 2 Firewall
The Security Group of the instances allows all traffic from our internal network.
All traffic under "Firewall -> IPSec" is allowed.
If the rule is deleted, all traffic should be blocked, shouldn't it? But ping and SSH still work. I don't understand this.
Issue 3 Phase 2
If I create more than 2 phase 2 entries, the tunnels get closed, so pfSense cannot hold more than 2 tunnels. Is there a solution? We don't want to allow all clients access to the VPN tunnel, only 2 subnets. Usually I would create an additional phase 2 entry for every subnet.
I hope you can help me.