VPN SITE TO SITE

Hi

I had created a site-to-site VPN between a pfSense and a SonicWall TZ400. The VPN is up, no problem. The only thing is that I cannot open resources like folders, RDP, or ping from one side to the other. Does anybody know where I should look to fix this issue?

Thanks
jpmoreau asked:
Blue Street Tech (Last Knight) commented:
1. In the SonicWALL, check the log monitor and see if there are any error/prevention/block/failed entries related to the traffic, e.g. "IP spoof dropped" alerts in the log. Then try to find out why the ICMP packets are dropped as IP spoofs. If this is the case, let me know and we can diagnose it further, but I gave IP spoofing only as an example of how to drill down into troubleshooting this.

2. Capture the packets (Dashboard or System > Packet Monitor) on the firewall's WAN interface and verify that packets are sent out from the WAN interface correctly. In one such case, while pinging from the LAN side of the SonicWALL to the remote gateway, the SonicWALL was generating an ICMP Redirect packet, so it looked like a routing issue rather than a S2S (site-to-site) VPN one.

3. Then navigate to Network > Routing and check the Route Policies. In the Route Policy entry, look for the pfSense address object under the Destination column and verify that the subnet mask is correct. For example, if it has a 31-bit subnet mask, no traffic will pass, since a 31-bit subnet mask is not supported by SonicOS unless your SonicOS version is 6.2.7.1 or greater. In that case the SonicWALL does not recognize the traffic from the pfSense network.

4. Dial in your MTU on both firewalls; here's how: https://www.experts-exchange.com/articles/12615/Unstable-Slow-Performing-Networks-or-VPNs-just-go-grocery-shopping.html

Reduce the VPN proposals to the lowest security settings in order to establish a baseline: DH Group 1, 3DES, SHA1, no Perfect Forward Secrecy, etc. Make sure the local and remote networks are set up correctly. Verify that the address objects are correct for the respective networks.

Let me know what you find and if you have any questions!
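The checks in step 3 and the closing paragraph of the answer above (local/remote networks, address objects, subnet masks, and the 31-bit mask limit before SonicOS 6.2.7.1) are easy to get wrong by hand, so here is an added example that is not part of the original thread: it takes the four networks as typed on each firewall and reports anything that would keep traffic from matching the tunnel. The network values and SonicOS version strings are constructed for illustration. One caveat on the baseline advice: DH Group 1, 3DES and SHA1 are only useful to prove the tunnel can negotiate at all; tighten the proposals again once traffic passes.

```python
from ipaddress import ip_network

# First SonicOS release the answer above names as supporting 31-bit masks.
SONICOS_FIRST_SLASH31 = (6, 2, 7, 1)


def parse_sonicos_version(version):
    """'6.2.7.1' -> (6, 2, 7, 1); shorter strings are zero-padded so tuples compare."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def parse_net(label, text, problems):
    """Parse a CIDR string strictly. '192.168.10.1/24' (host bits set) is a
    typo in an address object, not something to quietly mask away."""
    try:
        return ip_network(text)
    except ValueError as err:
        problems.append(f"{label}: {text!r} is not a valid network ({err})")
        return None


def check_phase2(pf_local, pf_remote, sw_local, sw_remote, sonicos_version):
    """Return a list of problems with the Phase 2 selectors; empty means consistent."""
    problems = []
    nets = {}
    for label, text in (("pfSense local", pf_local), ("pfSense remote", pf_remote),
                        ("SonicWALL local", sw_local), ("SonicWALL remote", sw_remote)):
        nets[label] = parse_net(label, text, problems)
    if problems:
        return problems  # no point comparing networks that did not parse

    # 1. The selectors must mirror exactly: a /24 on one end and a /25 on the
    #    other never match, so the SA covers different traffic or is not built.
    for a, b in (("pfSense local", "SonicWALL remote"), ("pfSense remote", "SonicWALL local")):
        if nets[a] != nets[b]:
            problems.append(f"{a} {nets[a]} does not match {b} {nets[b]}")

    # 2. Overlapping LANs: if both sites use the same subnet, neither firewall
    #    will ever route a packet toward the tunnel.
    if nets["pfSense local"].overlaps(nets["pfSense remote"]):
        problems.append(f"local {nets['pfSense local']} overlaps remote {nets['pfSense remote']}")

    # 3. A /31 in a SonicWALL address object passes no traffic before 6.2.7.1.
    if parse_sonicos_version(sonicos_version) < SONICOS_FIRST_SLASH31:
        for label in ("SonicWALL local", "SonicWALL remote"):
            if nets[label].prefixlen == 31:
                problems.append(f"{label} {nets[label]} uses a /31, "
                                f"unsupported on SonicOS {sonicos_version}")
    return problems


if __name__ == "__main__":
    # Constructed example values, not from the thread: the SonicWALL side was
    # typed with a /25 where pfSense has a /24.
    for p in check_phase2("192.168.10.0/24", "192.168.20.0/24",
                          "192.168.20.0/25", "192.168.10.0/24", "6.2.5.0"):
        print("PROBLEM:", p)
```

Run it with the values from each firewall's Phase 2 / VPN policy page; an empty result means the selectors at least agree, and the remaining suspects are the route policies, the packet capture on the WAN interface, and MTU, in the order the answer lists them.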
Blue Street Tech (Last Knight) commented:
Hi jpmoreau,

What is the make/model of both firewalls?

I take it traffic is not passing at all?
jpmoreau (Author) commented:
I have pfSense 2.4 on one site and a SonicWall TZ400 on the other side. Correct, the traffic is not passing.
jpmoreau (Author) commented:
I erased all my VPNs on both sides and rebuilt them. Now I can ping from pfSense to SonicWall but not from SonicWall to pfSense. The same goes for opening directories and everything else.
Fred Marshall (Principal) commented:
Not all VPNs are created equal. The subnets are different, right?

The Windows firewall can affect File and Printer Sharing between subnets. If that's the issue, then adding a Scope to the File and Printer Sharing rules may fix it.
You would have "Local subnet" and then you would add the other subnet under Incoming Rules / Remote Address in addition.
Blue Street Tech (Last Knight) commented:
Again, JP, what are you seeing in the logs?

What has the packet capture shown? Have you set one up for the VPN?

These are the starting points to troubleshooting this. I laid out everything in my previous comment above.

If you need help performing any of these, simply ask!
jpmoreau (Author) commented:
I don't need this VPN anymore.
Question has a verified solution.