Bluecoat VPN targeting specific ports
-
I am using Netgate-built hardware with 2.1p1-RELEASE (i386).
I have a successful IPsec tunnel created; everything works as expected there. However, in this type of situation, this filter should only send traffic from ports 80 and 440 to the tunnel.
I find that the only way to reach the internet outside of the tunnel is to delete the SPDs in the Status -> IPsec -> SPD window. These are apparently created dynamically and trump all other firewall rules. I have attempted to hack the IP addresses to include a port number per racoon specs, but without success. Any ideas here?
Background docs -
For Cisco - https://bto.bluecoat.com/sgos/ThreatPulse/ThreatPulseAccessMethodsWebGuide/Content/Deployment/Concepts/about_ipsec_rtng_co.htm
Others - https://bto.bluecoat.com/sgos/ThreatPulse/ThreatPulseAccessMethodsWebGuide/Content/Deployment/Tasks/CiscoASAClass/csco_asa91_config_ta.htm
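For reference, the selector syntax the poster is describing is the one setkey(8) uses for SPD entries on the racoon/IPsec-tools stack: a port goes in square brackets after each address range, and an upper-layer protocol name follows the destination. The fragment below is an added illustration, not text from the post, from Blue Coat's guides, or from pfSense's generated configuration; the LAN prefix, the two gateway addresses and the file layout are made up. Whether pfSense 2.1 preserves hand-loaded entries when it regenerates racoon's configuration and the SPD is exactly what the thread is asking, and this example does not settle it.

```conf
# setkey(8) SPD entries with port selectors (added illustration; made-up addresses).
# Only TCP to destination ports 80 and 440 from the LAN is sent into the ESP tunnel.
# Traffic matching no policy is not touched by IPsec and leaves via the normal route.
#
# Form: spdadd SRC_RANGE[PORT] DST_RANGE[PORT] UPPER_PROTO -P DIR ipsec ESP/tunnel/LOCAL_GW-REMOTE_GW/LEVEL ;
#   192.168.1.0/24  = local LAN (assumed)
#   203.0.113.2     = this firewall's WAN address (assumed)
#   198.51.100.1    = remote IPsec gateway (assumed)

# Outbound: LAN -> anywhere, TCP/80 and TCP/440, require the tunnel
spdadd 192.168.1.0/24[any] 0.0.0.0/0[80]  tcp -P out ipsec esp/tunnel/203.0.113.2-198.51.100.1/require;
spdadd 192.168.1.0/24[any] 0.0.0.0/0[440] tcp -P out ipsec esp/tunnel/203.0.113.2-198.51.100.1/require;

# Inbound: mirror image, so return traffic for those flows is required to arrive via the tunnel
spdadd 0.0.0.0/0[80]  192.168.1.0/24[any] tcp -P in ipsec esp/tunnel/198.51.100.1-203.0.113.2/require;
spdadd 0.0.0.0/0[440] 192.168.1.0/24[any] tcp -P in ipsec esp/tunnel/198.51.100.1-203.0.113.2/require;
```

A file like this is loaded with `setkey -f <file>` and the resulting policies can be inspected with `setkey -DP`. Two things to check when such a policy produces no traffic in the tunnel: the Phase 2 identities racoon proposes are derived from the SPD selectors, so the remote gateway has to accept identities that carry the same port and protocol; and on pfSense the entries visible under Status -> IPsec -> SPD are written from the XML configuration, so anything loaded by hand should be re-checked with `setkey -DP` after the next racoon restart.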
-
Perhaps IPsec+SPD is broken. I have tried every way to target a specific port, and no workey. Plus, pfSense forces gloves on to do any low-level stuff, using the XML to rewrite the rules on racoon restart.
Rapidly losing faith in pfSense…