Hello,
I've been in trouble for a week, and I've found something I cannot explain.
I'm in the process of replacing my old ASA 5520 with two OPNsense instances that would run under an ESX hypervisor. For the moment I can only test the HA OPNsense solution sitting behind the ASA 5520 (I've just one network access to a dedicated network for French research, with a /29 for connecting: 3 addresses for my 2 ASAs and 3 others for what is in front, which I don't have access to). IPv6 is not used and is disabled.
So, I tried to build my prototype, and when I change the WAN gateway from autodetect to the address (that I've defined beforehand as a /32), ICMP works (at least tracert -I works) but TCP and UDP won't (SSH, HTTP, HTTPS, ...). When I switch back to WAN gateway autodetect, everything works. I've verified that the routes are the same (netstat -arn): they are!
So where is the difference?
PS: I've spent a long time on this because the Cisco ASA packet tracer complains about "rpf-violated reverse-path verify failed" and shows the packet as dropped, but in fact, as NAT control is off, the packet goes through the ASA ...
Many, many thanks for enlightening my feeble mind.