IPSEC tunnel question

Started by RHS, May 27, 2020, 11:21:14 PM

Setup:
A is any host on 192.168.1.0/24 and there is a Cisco ASA 5505 IPsec endpoint for the internet tunnel to B.
B is any host on 192.168.2.0/24 and there is an OPNsense IPsec endpoint for the internet tunnel to A.
On B the OPNsense LAN interface is NOT the default gateway for the network. There is a pfSense firewall for that, and it has a route/gateway to the OPNsense firewall for the traffic to A. The ASA is also the endpoint for several other IPsec tunnels, some of them to pfSense endpoints, and they are all rock-solid. The same is true for the pfSense on B. In addition to the IPsec tunnel, the OPNsense has an OpenVPN server for road warriors with LDAP + 2FA that works just fine.
Question:
What can prevent traffic from flowing correctly? Using ICMP it flows both A to B and B to A, but using TCP only B to A flows.
Observation:
Once TCP from B to A has worked for one protocol, A to B starts working for various protocols (does not seem to be time limited), but only for that host pair.

Any help would be much appreciated!


Sounds like a route is missing somewhere and it gets learned dynamically via ICMP.

Thanks for the hint, will check for that. However, ICMP is working fine; it's non-ICMP that has that strange behavior.