Response SA packets getting droped (GRE over IPSec tunnel)
Didn't know where to put this so i ended up here.
Being having a little problem with one setup (diag.jpg attached). Its a GRE tunnel over ipsec but it have the a need to use nat inside it.
If i try to connect to the remote server, the packet capture on the gre interface shows ACK from the other side (tcpdump-gre.jpg), but it seems that when the packet leaves the tunnel it gets droped by the firewall (fw-drop.jpg) for (i guess) being out of state.
Any help on this will be appreciated cause i'm lost here.
PS: if i posted this in the wrong place, feel free to move it where it belongs.
Edit: added NAT-OUT rules screen shot just in case, cause its more likely the culprit.