[SOLVED] Wierd IPsec passthru problem

[mszeliga]

Hi

I've recently replaced a m0n0wall with opnsense and I can't get IPsec passthru working, the same configuration worked with the m0n0wall.

Problem:

Cisco PIX behind opnsense connects to a Cisco ASA, the tunnel is up and networks behind the ASA are able to reach networks behind the PIX but it is impossible to get from network behind the PIX to reach networks behind the ASA.

Configurations on both PIX and ASA are not changed, IP addresses on opnsense are the same as they were on m0n0wall, rules and NAT are copied from the m0n0wall. There is nothing in the logs, only the tunnel coming up.
The internal port of the PIX is connected to my switch (a Cisco CC3560x) which is used as router on the LAN, this switch has static routes to the networks behind the ASA pointing to the PIX. The external port of the PIX is connected to LAN7 interface on the opnsense.
I've got rules for ISAKMP from EXT to the PIX on LAN7, NAT for the same and also the other way

btw. the hardware is an old Checkpoint UTM-1 with 10 1-Gigabit ports, I've named the ports in opnsense as they are named on the box (INT, EXT, DMZ, LAN1..LAN7).

Regards
Maciej

[mszeliga]

Please forgive me... one from my team has changed the firewall I was trying to connect to.
This happened the very same day I changed my m0n0wall to opnsense so from my perspective it looked that the problem was at my end.

Regards
Maciej 

[franco]

Hi Maciej,

Happy to hear this worked out ok.


Cheers,
Franco