VPN IPsec no traffic

Hello community 

happy new year to all

I have to connect 2 sites by a VPN IPSec, site A has a pfSense firewall and site B has Zyxel USG 210 

the tunnel is up, both phases (1 and 2) but no traffic between the networks 

something wrong with the firewall policies on the USG but I can find the issue 

here are the settings:

pfSense (Site A):

Image post content

USG 210 (Site B):

Image post content

if someone has a solution or any advice 

Thank you in advance

All Replies

  • CHS
    CHS Posts: 177  Master Member
    The default firewall policies allow traffic to and from the IPSec VPN Tunnel because the latest rule blocks all traffic "From Any to Any". Therefore, the rules you mentioned should not cause any problems. You can check if any policy route rules are affecting your VPN traffic.
  • Zyxel_James
    Zyxel_James Posts: 618  Zyxel Employee
    Hello @Amine,
    We can do several checks to narrow down the root cause.
    1. Check the logs to see if any security policy blocks the traffic. Or you can disable the Policy Control to test if any security policy blocks the traffic.
    2. Go to Monitor > VPN Monitor > IPsec, select the tunnel, and click Connection Check. Also check if it's a one-way block on inbound; if so, you may check on the pfSense peer.
    3. Check if there is any conflicting routing: you can go to Maintenance > Packet Flow Explore > Routing Status, and check which route the session takes.
    4. There is also a possibility there is an overlapping subnet, resulting in routing conflict.

    James
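
Checks 3 and 4 from the reply above (conflicting routes and overlapping subnets) can be rehearsed offline; this is an added example, not part of the original thread and not Zyxel or pfSense code. The route table, interface names, tunnel name `vpn_siteA` and all subnets are constructed, and route selection is modelled as plain longest-prefix match, which is a simplification of the firewall's own ordering of policy routes and VPN routes.

```python
import ipaddress

def find_overlaps(local_nets, remote_nets):
    """Return (local, remote) pairs whose address ranges overlap."""
    pairs = []
    for loc in map(ipaddress.ip_network, local_nets):
        for rem in map(ipaddress.ip_network, remote_nets):
            if loc.overlaps(rem):
                pairs.append((str(loc), str(rem)))
    return pairs

def winning_route(routes, dest):
    """Longest-prefix match (assumed model); lower metric breaks ties."""
    ip = ipaddress.ip_address(dest)
    matches = [r for r in routes if ip in ipaddress.ip_network(r["dest"])]
    if not matches:
        return None
    return max(matches, key=lambda r: (ipaddress.ip_network(r["dest"]).prefixlen,
                                       -r.get("metric", 0)))

def check_tunnel(routes, local_nets, remote_nets, tunnel, probe_hosts):
    """List reasons why traffic for the remote site may never enter the tunnel."""
    findings = []
    for loc, rem in find_overlaps(local_nets, remote_nets):
        findings.append(f"overlap: local {loc} and remote {rem}")
    for host in probe_hosts:
        route = winning_route(routes, host)
        via = route["via"] if route else None
        if via != tunnel:
            findings.append(f"route: {host} leaves via {via}, not {tunnel}")
    return findings

# Constructed sample: Site B's table, with a more specific route shadowing the tunnel.
SAMPLE_ROUTES = [
    {"dest": "0.0.0.0/0",       "via": "wan1"},
    {"dest": "192.168.1.0/24",  "via": "lan1"},
    {"dest": "192.168.10.0/24", "via": "vpn_siteA"},
    {"dest": "192.168.10.0/25", "via": "lan2"},
]

if __name__ == "__main__":
    for line in check_tunnel(SAMPLE_ROUTES, ["192.168.1.0/24"], ["192.168.10.0/24"],
                             "vpn_siteA", ["192.168.10.20", "192.168.10.200"]):
        print(line)
```

Replace the sample table with the entries shown under Routing Status and the subnets from both peers' phase 2 settings; an empty result means neither an overlap nor a shadowing route explains the missing traffic.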
