IPSec Passthrough not working
-
I have disabled the allow-any rule from the LAN subnet and have started to create a rule for each type of traffic we would allow inside users to access. It has not been as bad as it sounds. Very few complaints from a non-tech user base.
Anyhow, IPsec Passthrough option is enabled via the NAT Outbound tab but IPSec VPNs cannot go through with the "LAN subnet" to anywhere rule disabled.
I have made a rule that allows clients from the "LAN Subnet" to connect to any host via UDP 500, thinking the establishment of a connection would allow the outside host back in on whatever port is necessary for key negotiation. I have apparently screwed something up or do not understand exactly what is happening. Can anyone provide assistance?
Thanks
-
You need to additionally allow the protocols ESP and AH to go out/through.
-
Allowing AH, ESP, and UDP 42000 outbound from the LAN subnet did the trick. Thanks for the help. :D
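As an added illustration (not from the thread and not pfSense's generated configuration), here is the equivalent pf ruleset for the LAN egress policy discussed above: the IKE-only rule the original poster started with beside the complete set. The interface name em0, the subnet 192.168.1.0/24 and the macro names are assumptions; UDP 4500 is the standard port for IPsec NAT-Traversal (NAT-T), which carries ESP inside UDP when the client sits behind NAT.

```pf
# Assumed names (not from the thread): LAN interface and LAN subnet.
lan_if  = "em0"
lan_net = "192.168.1.0/24"

# Starting point from the thread: IKE only. Phase 1 negotiates over UDP 500,
# but the tunnel carries no traffic because ESP/AH are dropped by the default
# deny, and the reply state created here covers UDP 500 only.
# pass in quick on $lan_if inet proto udp from $lan_net to any port 500 keep state

# Complete egress set for IPsec passthrough. Rules are stateful, so the peer's
# replies return without a separate inbound rule. ESP and AH have no ports, so
# pf tracks their state on source/destination address alone.
pass in quick on $lan_if inet proto udp from $lan_net to any port { 500, 4500 } keep state
pass in quick on $lan_if inet proto esp from $lan_net to any keep state
pass in quick on $lan_if inet proto ah  from $lan_net to any keep state
```

Rules are written as `pass in` on the LAN interface because that is where traffic from LAN clients enters the firewall, matching how LAN-tab rules are evaluated; validate with `pfctl -nf` before loading.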