Netgate Discussion Forum
    Does pfsense/freebsd filter the "session id"?

    • A
      avel

      Thanks for replying.

      Well, they claim that it would work at other offices where also only one
      fixed IP address for outside connections is available… so they tend to
      be sure that it is our problem.

      A site-to-site is not possible, since the policy of the customer
      does not allow that anymore (big company, you know...).

      Any other idea? Can it be NAT?

      • C
        cmb

        I've had 3-4 simultaneous client machines connected to the same Cisco VPN device before.

        I'm guessing they must not have NAT-T enabled on their end. It works fine with that.

        • A
          avel

          Thanks for the answer.

          OK, but if their configuration works for other supporting companies
          and since you can confirm that this kind of connection does work at all,
          the problem must be on our side.

          What could it be? We only have some inbound NAT rules, but
          I don't think they have anything to do with it; as said, the
          firewall rules are just "LAN -> any", and we do automatic NAT
          from LAN to internet.

          • C
            cmb

            What pfSense version are you running?

            • A
              avel

              pfSense 1.0.1 RELEASE

              • C
                cmb

                Well, shouldn't matter, one of the machines I go through to get to the Internet is a 1.0-RC version.

                Do you have advanced outbound NAT enabled?

                • A
                  avel

                  No, "advanced outbound NAT" is disabled.
                  I have "Enable IPSec passthru" activated.

                  • S
                    sullrich

                    Upgrade to a recent testing snapshot: http://snapshots.pfsense.com/FreeBSD6/RELENG_1_2/updates/

                    • C
                      cmb

                      I seriously doubt if a snapshot is going to change anything, but I would try it.

                      There are some IPsec passthrough changes, though I don't think it will matter because I'm running behind way older versions than what you are and don't have problems.

                      • C
                        cmb

                        Something just hit me. Looking back at the subject, "session ID", that's not IPsec related (AFAIK). Is this by chance a PPTP or L2TP connection? We (or at least I) hear Cisco and assume IPsec.

                        • A
                          avel

                          I assume they use IPSec, yes, but I have forwarded the question to be sure.
                          I will post the answer as soon as I get it.

                          • A
                            avel

                            OK, I got an answer:

                            "…this is a common problem we do encounter with many routers that are not Cisco/AVM,
                            the address translation of IPSec is not handled correctly, therefore our gateway can't
                            differentiate between the incoming connections..."

                            So it's IPSec. Any ideas?
