IPSec VPN Tunnel only working one-way

epg_will · ‎02-01-2021

There was a power outage at our remote site and since then the IPsec tunnel appears to only work in one direction. My remote users can access local resources, but I cannot so much as ping anything on the other side of the remote firewall. I am able to interface with the remote firewall through its web interface. I can also ping the remote devices from the remote firewall but not directly from my computer. We use a site-to-site IPsec VPN tunnel. The remote side is behind a NAT. The problem appears to be with the remote firewall, but I cannot see any policies that could be blocking my local computer from interfacing with the remote computers. The local and remote computers are on different subnets, but I have policies that should be allowing them to talk. I updated to the latest firmware update and no change either. The local firewall has not been updated.

Any ideas on what the culprit could be?

ede_pfau · ‎02-02-2021

Unidirectional traffic can only be connected to the policy not working in that direction. Edit the corresponding policy, change a value, save, re-edit, restore the original value, save. If that doesn't help, I suspect more damage to the remote FGT.

Ede Kernel panic: Aiee, killing interrupt handler!

epg_will · ‎02-02-2021

[strike]But how am I able to access the remote firewall yet I cannot communicate with any device on the other side of it?[/strike]

A colleague of mine helped me figure out the issue. Earlier in the week, I hastily created a separate subnet for a Windows server 2000 for a contractor to remote into. This subnet happened to comprised the hosts that I was wanting to connect to and were being blocked by another policy. When the power outage happened, the implicit deny prioritized this traffic.

IPSec VPN Tunnel only working one-way

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website