Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Response SA packets getting droped (GRE over IPSec tunnel)

    Scheduled Pinned Locked Moved Firewalling
    1 Posts 1 Posters 352 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      Gernupe
      last edited by

      Didn't know where to put this so i ended up here.

      Being having a little problem with one setup (diag.jpg attached). Its a GRE tunnel over ipsec but it have the a need to use nat inside it.

      If i try to connect to the remote server, the packet capture on the gre interface shows ACK from the other side (tcpdump-gre.jpg), but it seems that when the packet leaves the tunnel it gets droped by the firewall (fw-drop.jpg) for (i guess) being out of state.

      Any help on this will be appreciated cause i'm lost here.

      PS: if i posted this in the wrong place, feel free to move it where it belongs.

      Edit: added NAT-OUT rules screen shot just in case, cause its more likely the culprit.
      fw-drop.JPG
      fw-drop.JPG_thumb
      tcpdump-gre.JPG
      tcpdump-gre.JPG_thumb
      Diag.jpg
      Diag.jpg_thumb
      NAT.JPG
      NAT.JPG_thumb

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.