IPSec VPN Tunnel only working one-way
There was a power outage at our remote site and since then the IPsec tunnel appears to only work in one direction. My remote users can access local resources, but I cannot so much as ping anything on the other side of the remote firewall. I am able to interface with the remote firewall through its web interface. I can also ping the remote devices from the remote firewall but not directly from my computer. We use a site-to-site IPsec VPN tunnel. The remote side is behind a NAT. The problem appears to be with the remote firewall, but I cannot see any policies that could be blocking my local computer from interfacing with the remote computers. The local and remote computers are on different subnets, but I have policies that should be allowing them to talk. I updated to the latest firmware update and no change either. The local firewall has not been updated.
Any ideas on what the culprit could be?
Unidirectional traffic can only be connected to the policy not working in that direction. Edit the corresponding policy, change a value, save, re-edit, restore the original value, save. If that doesn't help, I suspect more damage to the remote FGT.
[strike]But how am I able to access the remote firewall yet I cannot communicate with any device on the other side of it?[/strike]
A colleague of mine helped me figure out the issue. Earlier in the week, I hastily created a separate subnet for a Windows Server 2000 for a contractor to remote into. This subnet happened to comprise the hosts that I was wanting to connect to, which were being blocked by another policy. When the power outage happened, the implicit deny prioritized this traffic.
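The kind of overlap described in the resolution above can be checked offline. This is an added example, not part of the original thread and not FortiGate code: it models an ordered, first-match policy table, and every address, subnet and policy name in it is a constructed assumption.

```python
import ipaddress
from typing import List, NamedTuple, Tuple

class Policy(NamedTuple):
    name: str
    src: str      # source subnet (CIDR)
    dst: str      # destination subnet (CIDR)
    action: str   # "accept" or "deny"

IMPLICIT_DENY = Policy("implicit-deny", "0.0.0.0/0", "0.0.0.0/0", "deny")

def first_match(policies: List[Policy], src_ip: str, dst_ip: str) -> Policy:
    """Return the first policy (top-down) matching the flow, else implicit deny."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for p in policies:
        if s in ipaddress.ip_network(p.src) and d in ipaddress.ip_network(p.dst):
            return p
    return IMPLICIT_DENY

def conflicts(policies: List[Policy]) -> List[Tuple[str, str]]:
    """(earlier, later) pairs whose src and dst overlap but whose actions differ."""
    found = []
    for i, a in enumerate(policies):
        for b in policies[i + 1:]:
            if (a.action != b.action
                    and ipaddress.ip_network(a.src).overlaps(ipaddress.ip_network(b.src))
                    and ipaddress.ip_network(a.dst).overlaps(ipaddress.ip_network(b.dst))):
                found.append((a.name, b.name))
    return found

# Constructed policy table for the remote firewall (all values hypothetical):
# local LAN 10.1.0.0/24, remote LAN 10.2.0.0/24, and a contractor subnet
# 10.2.0.64/27 carved out of the remote LAN.
REMOTE_POLICIES = [
    Policy("contractor-isolate", "0.0.0.0/0", "10.2.0.64/27", "deny"),
    Policy("vpn-in", "10.1.0.0/24", "10.2.0.0/24", "accept"),
    Policy("vpn-out", "10.2.0.0/24", "10.1.0.0/24", "accept"),
]

if __name__ == "__main__":
    # Local -> remote host inside the contractor subnet: caught by the deny.
    print(first_match(REMOTE_POLICIES, "10.1.0.10", "10.2.0.70"))
    # Same host initiating toward the local LAN: still allowed (one-way).
    print(first_match(REMOTE_POLICIES, "10.2.0.70", "10.1.0.10"))
    print(conflicts(REMOTE_POLICIES))
```

Running the overlap check after adding a subnet or policy shows which existing allow rules the new entry now partly overrides.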
