[SOLVED] Help with strange behaviour with an IPSec Tunnel

Started by flackoluke, February 07, 2022, 04:40:19 PM

February 07, 2022, 04:40:19 PM Last Edit: February 07, 2022, 05:50:38 PM by flackoluke
SOLVED:
DON'T USE ALIAS IN SOURCE, DESTINATION OR EXTERNAL NETWORK IN THE NAT SECTION.

Hello, first time poster here.
We have OPNsense at work and I personally manage the instance.
I created an IPSec with a new client yesterday.
I see a strange behaviour regarding NAT and traffic, let me explain with some background.

Topology:
Our Network:        10.41.35.0/24
Client Network:     10.168.3.16/28

NAT:
Source 10.41.35.0/24
Destination 10.168.3.16/28
External IP: 10.169.3.0/28

Firewall Rules:
Interface IPSec Allow from 10.41.35.0/24 to 10.168.3.16/28 Port 8089 and Port 8000 (Splunk)

Now the strange behaviour is that a machine 10.41.35.2 can telnet on both the 8000 and 8089 ports; however, another machine 10.41.35.3 can't.
The firewall traffic log from the .2 machine shows "IPSec internal host to host" allowed with the correct NAT'd IP.
The firewall traffic log from the .3 machine shows "Default deny rule" denied with the incorrect IP.

Can someone help me?