General Discussion / IPSec in Routed mode with BiNAT, traffic but no replies?
« on: September 01, 2021, 12:01:45 am »
I have built a routed VTI IPsec tunnel to a Cisco router at work. I am using BiNAT to make my 10.0.0.0/25 network look like 10.0.10.0/25 over the tunnel. I am using 10.0.10.252/30: .254 is my OPNsense end, .253 is my Cisco VTI Tunnel10. The tunnel on the Cisco can ping the tunnel IP on the OPNsense. The loopback on the Cisco, 10.45.253.1, can ping the 10.0.10.254 of the OPNsense. BUT my Linux box at 10.0.0.24, NATted to 10.0.10.24, tries to ping the loopback of the router at 10.45.253.1 (and a ping from the router's loopback to 10.0.10.24 at the same time); neither gets a reply. YET both unidirectional traffic flows show in the packet capture on my tunnel interface on the OPNsense. I am lost as to how this happens (see picture attached).
My tunnel interface has two ANY - ANY IPv4 rules for in and out. And I see Encaps and Decaps aplenty on my Cisco and my OPNsense IPsec stats...
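A small check for the symptom described in this post, as an added example that is not code from the original thread or from OPNsense: it pairs ICMP echo requests with echo replies in tcpdump-style capture lines and lists the probes that never got an answer, per direction. The capture lines are constructed to mirror the addresses in the post (the BiNAT'd 10.0.10.24 and the Cisco loopback 10.45.253.1, plus one answered probe from the tunnel address 10.0.10.254 as a contrast); the assumed input format is tcpdump's `-n` text output for ICMP echo (`IP src > dst: ICMP echo request, id N, seq M`).

```python
import re
from collections import defaultdict

# Constructed sample in tcpdump -n style, modelled on the addresses in the post.
# Both hosts send echo requests across the tunnel, but neither side's request is
# ever answered; only the tunnel endpoint itself (10.0.10.254) gets a reply.
SAMPLE_CAPTURE = """\
00:00:01.000000 IP 10.0.10.24 > 10.45.253.1: ICMP echo request, id 1234, seq 1, length 64
00:00:01.050000 IP 10.45.253.1 > 10.0.10.24: ICMP echo request, id 7, seq 0, length 80
00:00:02.000000 IP 10.0.10.24 > 10.45.253.1: ICMP echo request, id 1234, seq 2, length 64
00:00:02.050000 IP 10.45.253.1 > 10.0.10.24: ICMP echo request, id 7, seq 1, length 80
00:00:03.000000 IP 10.0.10.254 > 10.45.253.1: ICMP echo request, id 99, seq 1, length 64
00:00:03.010000 IP 10.45.253.1 > 10.0.10.254: ICMP echo reply, id 99, seq 1, length 64
"""

# Matches tcpdump's ICMP echo summary line; anything else (ESP, ARP, TCP) is skipped.
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)"
)


def parse_capture(text):
    """Yield (src, dst, kind, id, seq) for each ICMP echo line in the capture text."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield (m["src"], m["dst"], m["kind"], int(m["id"]), int(m["seq"]))


def unanswered_echoes(text):
    """Return {(src, dst): [(id, seq), ...]} for echo requests that got no reply.

    A reply matches a request when its addresses are the request's swapped and
    the ICMP id/seq agree. Directions with every probe answered are omitted.
    """
    requests = defaultdict(list)
    replies = set()
    for src, dst, kind, ident, seq in parse_capture(text):
        if kind == "request":
            requests[(src, dst)].append((ident, seq))
        else:
            # Store the reply keyed in the original request's orientation.
            replies.add((dst, src, ident, seq))

    result = {}
    for (src, dst), probes in requests.items():
        missing = [(i, s) for i, s in probes if (src, dst, i, s) not in replies]
        if missing:
            result[(src, dst)] = missing
    return result


def report(text):
    """Human-readable summary of one-way echo flows, one line per direction."""
    lines = []
    for (src, dst), missing in sorted(unanswered_echoes(text).items()):
        lines.append(f"{src} -> {dst}: {len(missing)} echo request(s) with no reply")
    return "\n".join(lines) or "every echo request was answered"


if __name__ == "__main__":
    # Run against a real capture with: tcpdump -ni <tunnel-if> icmp > cap.txt
    # and then pass the file contents instead of SAMPLE_CAPTURE.
    print(report(SAMPLE_CAPTURE))
```

Running it on the constructed capture flags both directions between 10.0.10.24 and 10.45.253.1 as request-only, while the 10.0.10.254 probe is paired with its reply and dropped from the report, which is the same picture the post describes: traffic visible on the tunnel interface in both directions, yet no replies for the NATted host.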