1
20.1 Legacy Series / Re: IPSEC tunnel question
« on: May 28, 2020, 04:46:58 pm »
Thanks for the hint - will check for that. However, icmp is working fine, it's non icmp that has that strange behavior.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
20.1 Legacy Series / IPSEC tunnel question
« on: May 27, 2020, 11:21:14 pm »
Setup:
A is any host on 192.168.1.0/24 and there is a Cisco ASA 5505 IPSEC endpoint for the internet tunnel to B
B is any host on 192.168.2.0/24 and there is a OPNsense IPSEC endpoint for the internet tunnel to A
On B the OPNsense LAN interface is NOT the default gateway for the network. There is a pfSense firewall for that and it has a route/gateway to the OPNsense firewall for the traffic to A. The ASA is also endpoint for several other IPSEC tunnels, some of them to pfSense endpoints and they are all rock-solid. The same is true for the pfSense on B. In addition to the IPSEC tunnel the OPNSense has an openVPN Server for road-warriors with LDAP + 2FA that works just fine.
Question:
What can prevent traffic to flow correctly from A to B and B to A using ICMP but using TCP only B to A flows.
Observation:
Once TCP B to A has worked for one protocol , A to B starts working for various protocols (does not seem to be time limited) but only for that host pair.
Any help would be much appreciated !
A is any host on 192.168.1.0/24 and there is a Cisco ASA 5505 IPSEC endpoint for the internet tunnel to B
B is any host on 192.168.2.0/24 and there is a OPNsense IPSEC endpoint for the internet tunnel to A
On B the OPNsense LAN interface is NOT the default gateway for the network. There is a pfSense firewall for that and it has a route/gateway to the OPNsense firewall for the traffic to A. The ASA is also endpoint for several other IPSEC tunnels, some of them to pfSense endpoints and they are all rock-solid. The same is true for the pfSense on B. In addition to the IPSEC tunnel the OPNSense has an openVPN Server for road-warriors with LDAP + 2FA that works just fine.
Question:
What can prevent traffic to flow correctly from A to B and B to A using ICMP but using TCP only B to A flows.
Observation:
Once TCP B to A has worked for one protocol , A to B starts working for various protocols (does not seem to be time limited) but only for that host pair.
Any help would be much appreciated !
Pages: [1]