jggimi, 21st September 2009

Quote from wesley:
VPN is ok, but the factory can't ping or can't access the FTP.
Then the VPN is not ok. SAs and Flows might be established, but proper traffic may not be tunneled.
Quote from wesley:
When I use tcpdump, I can see some packets but nothing is blocked.
That is insufficient information for any of us to help you. We can't see what device or file you were running tcpdump with, nor have we seen any output that shows us anything.

Note:
You will only see PF logged packets when using tcpdump with pflog0 for real time, or /var/log/pflog* history files.

You will not be able to confirm correct/incorrect tunnel operations unless you use tcpdump with your gateway NIC, and also with enc0. enc0 will show unencrypted packets sent via the tunnel, the gateway NIC should show the ESP packets for traffic destined between your company and the factory, no TCP traffic between your company and the factory, and only UDP for port 500 for IPSec key exchanges and port 4500 for NAT traversal.
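As an added example (not from jggimi's post, and not an OpenBSD tool), the following sh script prints the captures described above and classifies lines from a gateway-NIC capture into the traffic the post says should be there (ESP, udp 500, udp 4500 between the two gateways) and LAN-to-LAN traffic that is going out in the clear instead of through the tunnel. The interface name em0, all addresses and the sample capture lines are constructed placeholders.

```shell
#!/bin/sh
# Added example, not code from the original post. Interface name and all
# addresses are placeholders (RFC 5737 documentation ranges); adjust for a real gateway.
GW_NIC=em0                # gateway NIC facing the Internet (placeholder)
LOCAL_GW=203.0.113.10     # company gateway public IP (placeholder)
REMOTE_GW=198.51.100.20   # factory gateway public IP (placeholder)
COMPANY_NET=10.0.0        # company LAN prefix (placeholder)
FACTORY_NET=10.1.0        # factory LAN prefix (placeholder)

# The vantage points the post describes; the tcpdump commands are only printed here, not run.
capture_cmds() {
  echo "tcpdump -n -e -ttt -i pflog0             # PF-logged packets, live"
  echo "tcpdump -n -e -ttt -r /var/log/pflog     # PF log history"
  echo "tcpdump -n -i enc0                       # cleartext as it enters/leaves the tunnel"
  echo "tcpdump -n -i $GW_NIC host $REMOTE_GW    # should be ESP, udp 500, udp 4500 only"
}

# Classify one line of 'tcpdump -n' output taken on the gateway NIC:
#   tunneled -> ESP, IKE (udp 500) or NAT-T (udp 4500) between the two gateways (expected)
#   leak     -> LAN-to-LAN packet seen in the clear, i.e. not caught by a flow
#   other    -> anything else
gw_line_class() {
  case "$1" in
    *"esp $LOCAL_GW > $REMOTE_GW"*|*"esp $REMOTE_GW > $LOCAL_GW"*)               echo tunneled ;;
    *"$LOCAL_GW.500 > $REMOTE_GW.500"*|*"$REMOTE_GW.500 > $LOCAL_GW.500"*)       echo tunneled ;;
    *"$LOCAL_GW.4500 > $REMOTE_GW.4500"*|*"$REMOTE_GW.4500 > $LOCAL_GW.4500"*)   echo tunneled ;;
    *"$COMPANY_NET."*" > $FACTORY_NET."*|*"$FACTORY_NET."*" > $COMPANY_NET."*)   echo leak ;;
    *) echo other ;;
  esac
}

# Read a gateway-NIC capture on stdin and print how many lines are leaks.
count_leaks() {
  n=0
  while IFS= read -r line; do
    if [ "$(gw_line_class "$line")" = leak ]; then n=$((n + 1)); fi
  done
  echo "$n"
}

# Constructed sample capture (the format only approximates OpenBSD tcpdump output).
SAMPLE='esp 203.0.113.10 > 198.51.100.20 spi 0x0a1b2c3d seq 7 len 116
203.0.113.10.500 > 198.51.100.20.500: isakmp v1.0 exchange ID_PROT
203.0.113.10.4500 > 198.51.100.20.4500: udpencap: esp spi 0x0a1b2c3d seq 8
10.0.0.5.49152 > 10.1.0.7.21: S 1:1(0) win 16384'

capture_cmds
echo "lines leaking in the clear: $(printf '%s\n' "$SAMPLE" | count_leaks)"   # 1
```

A non-zero leak count on the gateway NIC means the packets never matched an IPsec flow, so the SAs can be up while the factory still cannot reach FTP.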