OPNsense Forum » Archive » 20.1 Legacy Series » IPSEC tunnel question
Topic: IPSEC tunnel question (Read 1612 times)
RHS (Newbie, Posts: 2, Karma: 0)
IPSEC tunnel question « on: May 27, 2020, 11:21:14 pm »
Setup:
A is any host on 192.168.1.0/24 and there is a Cisco ASA 5505 IPSEC endpoint for the internet tunnel to B
B is any host on 192.168.2.0/24 and there is a OPNsense IPSEC endpoint for the internet tunnel to A
On B the OPNsense LAN interface is NOT the default gateway for the network. There is a pfSense firewall for that and it has a route/gateway to the OPNsense firewall for the traffic to A. The ASA is also the endpoint for several other IPSEC tunnels, some of them to pfSense endpoints, and they are all rock-solid. The same is true for the pfSense on B. In addition to the IPSEC tunnel the OPNsense has an OpenVPN server for road-warriors with LDAP + 2FA that works just fine.
Question:
What can prevent traffic from flowing correctly from A to B and B to A using ICMP, while using TCP only B to A flows?
Observation:
Once TCP B to A has worked for one protocol, A to B starts working for various protocols (does not seem to be time limited), but only for that host pair.
Any help would be much appreciated!
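The thread does not settle the cause. As an added illustration (not code from the thread, OPNsense or pfSense), the Python model below shows one scenario that reproduces part of the symptom: host B's return traffic goes out through a stateful filter (its default gateway) that never saw the inbound half of the flow, because the request arrived via the other router. With pf-style defaults, where a TCP flow only creates state on a SYN (the `flags S/SA` rule option), an ICMP echo-reply still passes and creates state, but a SYN-ACK without state is dropped, while TCP started from B passes because its SYN is what creates the state. The addresses, ports and topology are constructed assumptions, and the model does not claim to explain the "once B to A has worked, A to B works" observation.

```python
"""Toy model of a stateful packet filter that sits on only one of the two
paths between a LAN and a remote site. Added illustration, not pf, pfSense or
OPNsense code; the topology and addresses are constructed assumptions."""

from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    flags: str = ""       # TCP flags: "S" (SYN), "SA" (SYN-ACK), "A" (ACK)
    icmp: str = ""        # "echo-request" or "echo-reply"


@dataclass
class StatefulFilter:
    """Models a 'pass out from LAN' rule that creates state for TCP only on a
    SYN (the pf default 'flags S/SA'). Packets matching an existing state
    entry pass in either direction; anything else inbound is dropped."""
    lan_net: str
    states: set = field(default_factory=set)

    def _key(self, p: Packet) -> tuple:
        # Direction-independent 5-tuple so replies match the originating entry.
        ends = sorted([(p.src, p.sport), (p.dst, p.dport)])
        return (p.proto, ends[0], ends[1])

    def process(self, p: Packet) -> str:
        key = self._key(p)
        if key in self.states:
            return "pass:state"
        if not p.src.startswith(self.lan_net):
            return "drop:no-rule"          # no inbound rule, no state
        if p.proto == "tcp" and p.flags != "S":
            return "drop:no-state"         # mid-stream TCP, SYN never seen
        self.states.add(key)               # new flow from LAN creates state
        return "pass:new"


def host_b_reply(p: Packet) -> Packet:
    """Host B answers via its default gateway (the filter) regardless of
    which router delivered the request to it."""
    if p.proto == "icmp":
        return Packet("icmp", p.dst, p.src, icmp="echo-reply")
    return Packet("tcp", p.dst, p.src, p.dport, p.sport, flags="SA")


def a_to_b(fw: StatefulFilter, proto: str) -> str:
    """A initiates. The request reaches host B via the tunnel router and never
    touches the filter; only host B's reply is routed through it."""
    if proto == "icmp":
        req = Packet("icmp", "192.168.1.10", "192.168.2.20", icmp="echo-request")
    else:
        req = Packet("tcp", "192.168.1.10", "192.168.2.20", 40000, 22, flags="S")
    return fw.process(host_b_reply(req))


def b_to_a(fw: StatefulFilter) -> str:
    """Host B initiates TCP. Its SYN leaves through the filter, which creates
    the state entry that lets the rest of the handshake match."""
    syn = Packet("tcp", "192.168.2.20", "192.168.1.10", 50000, 22, flags="S")
    return fw.process(syn)


if __name__ == "__main__":
    fw = StatefulFilter(lan_net="192.168.2.")
    print("ICMP A->B reply at filter:", a_to_b(fw, "icmp"))   # pass:new
    print("TCP  A->B SYN-ACK at filter:", a_to_b(fw, "tcp"))  # drop:no-state
    print("TCP  B->A SYN at filter:", b_to_a(fw))             # pass:new
```

The practical check this suggests is to compare the path a request takes into 192.168.2.0/24 with the path host B's reply takes out: if they differ and a stateful device sits on only one of them, TCP will behave exactly as the model does while ICMP appears healthy.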
mimugmail (Hero Member, Posts: 6765, Karma: 494)
Re: IPSEC tunnel question « Reply #1 on: May 28, 2020, 07:14:27 am »
Sounds like a route is missing somewhere and it gets learned dynamically via ICMP.
WWW: www.routerperformance.net | Support plans: https://www.max-it.de/en/it-services/opnsense/ | Commercial Plugins (German): https://opnsense.max-it.de/
RHS (Newbie, Posts: 2, Karma: 0)
Re: IPSEC tunnel question « Reply #2 on: May 28, 2020, 04:46:58 pm »
Thanks for the hint - will check for that. However, ICMP is working fine; it's non-ICMP that has that strange behavior.