Netgate Discussion Forum
Bluecoat VPN targeting specific ports (IPsec)

erikfriesen:

I am using Netgate-built hardware with 2.1p1-RELEASE (i386).

I have a successful IPsec tunnel created, and everything works as expected there. However, in this type of situation, this filter should only send traffic from ports 80 and 440 to the tunnel.

I find that the only way to reach the internet outside of the tunnel is to delete the SPDs in the Status->IPsec->SPD window. These are apparently created dynamically and trump all other firewall rules. I have attempted to hack the IP addresses to include a port number per the racoon specs, but without success. Any ideas here?

Background docs:
- For Cisco: https://bto.bluecoat.com/sgos/ThreatPulse/ThreatPulseAccessMethodsWebGuide/Content/Deployment/Concepts/about_ipsec_rtng_co.htm
- Others: https://bto.bluecoat.com/sgos/ThreatPulse/ThreatPulseAccessMethodsWebGuide/Content/Deployment/Tasks/CiscoASAClass/csco_asa91_config_ta.htm

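The port-restricted policy the post is asking for, written out in setkey(8) SPD syntax as an added example (not from the poster and not pfSense's own generated configuration). The LAN network and both gateway addresses are constructed placeholders; the ports 80 and 440 are the ones the post lists. Whether pfSense's own SPD regeneration on racoon restart keeps such entries is exactly the open question in the thread, so treat this as a way to see and verify the selector syntax, not as a supported pfSense workflow.

```sh
#!/bin/sh
# Added example: build setkey(8) SPD entries whose selectors match only TCP
# traffic to specific destination ports, so other traffic bypasses the tunnel.
# All addresses below are constructed placeholders (assumptions).
LAN_NET="192.168.1.0/24"        # assumed local network behind pfSense
LOCAL_GW="203.0.113.1"          # assumed pfSense WAN address (tunnel endpoint)
REMOTE_GW="198.51.100.1"        # assumed remote IPsec gateway

# gen_spd_policy PORT...: print an spdflush plus one out/in spdadd pair per port.
# The "[port]" suffix on an address is the selector; "tcp" is the upper-layer
# protocol; everything not matching these selectors stays outside the tunnel.
gen_spd_policy() {
    echo "spdflush;"
    for port in "$@"; do
        echo "spdadd ${LAN_NET}[any] 0.0.0.0/0[${port}] tcp -P out ipsec esp/tunnel/${LOCAL_GW}-${REMOTE_GW}/require;"
        echo "spdadd 0.0.0.0/0[${port}] ${LAN_NET}[any] tcp -P in ipsec esp/tunnel/${REMOTE_GW}-${LOCAL_GW}/require;"
    done
}

# count_spd_entries PORT...: how many spdadd lines the policy contains
count_spd_entries() {
    gen_spd_policy "$@" | grep -c '^spdadd '
}

# apply_spd_policy PORT...: load the policy with setkey when it is available
# (FreeBSD/pfSense shell, as root), then dump the resulting SPD with -DP so you
# can confirm the port selectors were accepted. Elsewhere, just print it.
apply_spd_policy() {
    if command -v setkey >/dev/null 2>&1; then
        gen_spd_policy "$@" | setkey -c && setkey -DP
    else
        gen_spd_policy "$@"
    fi
}

# Stand-alone run: show the policy for the two ports from the post.
gen_spd_policy 80 440
```

Run `apply_spd_policy 80 440` on the firewall itself to load it and compare the `setkey -DP` output with what the Status->IPsec->SPD page shows after the next racoon restart.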
erikfriesen:

Perhaps IPsec+SPD is broken. I have tried every way to target a specific port, and none of them work. Plus, pfSense forces you to wear gloves to do any low-level stuff, using the XML to rewrite the rules on racoon restart.

Rapidly losing faith in pfSense…
