General Discussion / Re: IPSec rules didnt trigger
« on: June 15, 2024, 01:41:16 am »
Drove to Site B... Isolated the allow all rule until I found what's missing.
How I analyzed:
- Created a rule on Site B for all interfaces, any direction, all networks & IPs to every destination
- Eliminated networks and IPs from that rule, until I found the Site B WAN address
- Eliminated interfaces until I found it's Site B Net A
- Ping from Site-A-OpenVPN-net to Site-B-A-net
- Checked Live log: Matched to: LAN interface, direction out, source Site B WAN address, destination pinged server
I don't think that we need such a rule - do you?
We have on Site B a NAT Outbound rule for the LAN interface which translates to the Site B WAN address. Sounds more like a NAT issue?
I would appreciate it if someone could give me a hand - I'm running out of ideas.