Netgate Discussion Forum

How to setup IPSEC tunnel with Watchguard Firebox with NAT-T enabled

    ttblum
    last edited by Nov 16, 2011, 8:19 PM

    Hello,

    I currently have an IPSec tunnel set up between my pfSense 2.0 RC3 and a Watchguard Firebox.  The tunnel seems to be unstable, and the last time it went down I noticed the pfSense firewall was blocking UDP traffic on port 4500 - I believe UDP port 4500 is NAT-Traversal.

    I currently have a firewall rule on the WAN interface allowing UDP 500 traffic; do I also need to add a rule allowing UDP port 4500 traffic?

    Thanks,

    Todd

      lint
      last edited by Nov 21, 2011, 6:14 PM

      @ttblum:

      do I also need to add a rule allowing UDP port 4500 traffic?

      That depends on if you are using NAT-T.

      Look in your tunnel configuration to see if you have NAT Traversal enabled in pfSense.  It is in the advanced options at the bottom of the phase 1 policy.

      If both firewalls have NAT-T on, then you will need to allow access over UDP 4500, or disable it on both.
