I am using pfsense for my side of a site to site vpn. Due to conflicting subnets we have had to NAT each subnet using a feature built in to the ipsec tool. If you'll stay with me, here are the details and issues I am seeing and I am a bit confused.
Not actual addresses
- Gateway 192.168.1.254
- Remote side 124.0.0.48 via 150.11.75.128
- Pingable between 192.168.1.1 - 124.0.0.48
- 6 subnets - example of no ping; 192.168.5.100 (NAT to 192.168.15.100) - 124.0.0.48
6 subnets - only 1 of them can ping the remote side (this ip is in the same subnet as the gateway).
The remote side uses a public ip address so I have had to specify a static route to use the tunnel to get there.
On our first tests, we were able to get connectivity on 192.168.15.0/24, but this was only after the remote side pinged the device (192.168.15.100) in that subnet first. Now the remote side is saying they can't ping that device... though nothing has changed to my knowledge (their problem?)
I have just run a packet capture on our pfsense box to see if I could determine where the issue is. All I can see is a bunch of "No Response", not even a type 3 unreachable. Is there anything more I can do to identify the issue or prove that this is not an issue on our side?
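One way to answer the "is it our side?" question is to capture on both the LAN interface and the IPsec interface (enc0 on pfSense) and correlate each ICMP echo request by id/seq: if the request leaves enc0 with the BINAT-translated source and no reply ever comes back through the tunnel, the fault is on the remote side or its return route. The script below is an added example, not from the post; the capture lines are constructed in tcpdump -n style using the post's (non-real) addresses, and the exact enc0 line prefix is an assumption, which is why the regex only keys on the IP/ICMP part.

```python
import re

# Constructed sample captures (not real traffic). LAN side shows the untranslated host;
# the IPsec side (enc0) shows the BINAT-translated source 192.168.15.100.
LAN_CAP = """\
12:00:01 IP 192.168.5.100 > 124.0.0.48: ICMP echo request, id 7, seq 1, length 64
12:00:02 IP 192.168.5.100 > 124.0.0.48: ICMP echo request, id 7, seq 2, length 64
12:00:03 IP 192.168.1.1 > 124.0.0.48: ICMP echo request, id 9, seq 1, length 64
12:00:03 IP 124.0.0.48 > 192.168.1.1: ICMP echo reply, id 9, seq 1, length 64
"""
ENC_CAP = """\
12:00:01 (authentic,confidential): SPI 0x0000abcd: IP 192.168.15.100 > 124.0.0.48: ICMP echo request, id 7, seq 1, length 64
12:00:02 (authentic,confidential): SPI 0x0000abcd: IP 192.168.15.100 > 124.0.0.48: ICMP echo request, id 7, seq 2, length 64
12:00:03 (authentic,confidential): SPI 0x0000abcd: IP 192.168.1.1 > 124.0.0.48: ICMP echo request, id 9, seq 1, length 64
12:00:03 (authentic,confidential): SPI 0x0000dcba: IP 124.0.0.48 > 192.168.1.1: ICMP echo reply, id 9, seq 1, length 64
"""
# Keys only on the IP/ICMP part so it works for plain and enc0-style lines alike.
ICMP_RE = re.compile(r"IP (\S+) > (\S+): ICMP echo (request|reply), id (\d+), seq (\d+)")

def parse(cap):
    """Return the set of (src, dst, kind, id, seq) tuples found in a capture text."""
    return {(m[1], m[2], m[3], int(m[4]), int(m[5])) for m in ICMP_RE.finditer(cap)}

def diagnose(lan_cap, enc_cap, inside, translated, remote):
    """Classify each echo request from `inside` by how far it gets through the BINAT'd tunnel.
    Returns {(id, seq): verdict}. Pass inside == translated for a subnet that is not NATed."""
    lan, enc = parse(lan_cap), parse(enc_cap)
    verdicts = {}
    for src, dst, kind, ident, seq in sorted(lan):
        if (src, dst, kind) != (inside, remote, "request"):
            continue
        if (translated, remote, "request", ident, seq) not in enc:
            verdicts[(ident, seq)] = "not on enc0 with translated source: local BINAT/Phase 2"
        elif (remote, translated, "reply", ident, seq) not in enc:
            verdicts[(ident, seq)] = "left tunnel, no reply came back: remote side"
        elif (remote, inside, "reply", ident, seq) not in lan:
            verdicts[(ident, seq)] = "reply on enc0 but not un-NATed to LAN: local reverse BINAT"
        else:
            verdicts[(ident, seq)] = "ok"
    return verdicts

if __name__ == "__main__":
    for k, v in diagnose(LAN_CAP, ENC_CAP, "192.168.5.100", "192.168.15.100", "124.0.0.48").items():
        print(k, v)
```

On pfSense the two captures come from `tcpdump -ni <lan_if> icmp` and `tcpdump -ni enc0 icmp` run at the same time; the ENC0 verdict "left tunnel, no reply came back" is the evidence that the request was translated and encrypted correctly on your side.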