IPsec Passthrough not working

  • I have disabled the allow-any rule from the LAN subnet and have started to create a rule for each type of traffic we would allow inside users to access. It has not been as bad as it sounds. Very few complaints from a non-tech user base.

    Anyhow, the IPsec Passthrough option is enabled via the NAT Outbound tab, but IPsec VPNs cannot go through with the "LAN subnet" to anywhere rule disabled.

    I have made a rule that allows clients from the "LAN Subnet" to connect to any host via UDP 500 thinking the establishment of a connection would allow the outside host back in on whatever port is necessary for key negotiation. I have apparently screwed something up or do not understand exactly what is happening. Can anyone provide assistance?


  • You additionally need to allow the ESP and AH protocols to go out/through.

  • Allowing AH, ESP, and UDP 42000 outbound from the LAN subnet did the trick. Thanks for the help.  :D
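Added example, not code from the thread above: a small stateful egress-rule evaluator that replays the packet sequence of an IPsec tunnel setup against two LAN rule sets. It shows why a "UDP 500 out" rule alone is not enough: the IKE reply is matched by the state the outbound UDP 500 packet created, but ESP (IP protocol 50) and AH (IP protocol 51) are separate IP protocols, not UDP, so they never match that state or that rule and need their own pass rules. NAT-T on UDP 4500 is included because most IPsec clients fall back to it behind NAT. The protocol numbers are the IANA ones; the subnet, hosts, ports and rule sets are constructed for the example.

```python
"""Added example (not from the original thread): replay an IPsec tunnel setup
through a toy stateful egress firewall to see which steps a rule set blocks.

Protocol numbers are the real IANA values (UDP=17, ESP=50, AH=51); the LAN
subnet, client and VPN gateway addresses are constructed for the example.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

LAN_SUBNET = "192.168.1.0/24"   # constructed
LAN_CLIENT = "192.168.1.50"     # constructed
VPN_GATEWAY = "203.0.113.10"    # constructed (documentation range)

UDP, ESP, AH = 17, 50, 51       # IANA IP protocol numbers


@dataclass(frozen=True)
class Rule:
    """A LAN-to-any pass rule: protocol number plus optional destination port."""
    proto: int
    dport: Optional[int] = None   # None = any port (or a protocol without ports)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    sport: Optional[int] = None
    dport: Optional[int] = None


def in_lan(ip: str) -> bool:
    return ipaddress.ip_address(ip) in ipaddress.ip_network(LAN_SUBNET)


class StatefulEgressFirewall:
    """Default-deny firewall: LAN-originated packets are checked against the
    rule list; a match creates state so the matching reply is let back in."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.states = set()   # (src, dst, proto, sport, dport) of allowed flows

    def allows(self, pkt: Packet) -> bool:
        # A reply to an existing outbound flow is allowed by state, not by rule.
        reverse = (pkt.dst, pkt.src, pkt.proto, pkt.dport, pkt.sport)
        if reverse in self.states:
            return True
        # Anything else must originate on the LAN and match a pass rule.
        if not in_lan(pkt.src):
            return False
        for r in self.rules:
            if r.proto == pkt.proto and (r.dport is None or r.dport == pkt.dport):
                self.states.add((pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport))
                return True
        return False


def ipsec_setup_sequence(client: str, gw: str):
    """Packets of a typical IPsec tunnel setup: IKE on UDP 500, NAT-T on UDP 4500,
    then the ESP data path. ESP carries no ports: it is its own IP protocol."""
    return [
        ("IKE request",  Packet(client, gw, UDP, 500, 500)),
        ("IKE reply",    Packet(gw, client, UDP, 500, 500)),
        ("NAT-T IKE",    Packet(client, gw, UDP, 4500, 4500)),
        ("NAT-T reply",  Packet(gw, client, UDP, 4500, 4500)),
        ("ESP outbound", Packet(client, gw, ESP)),
        ("ESP inbound",  Packet(gw, client, ESP)),
    ]


def evaluate(rules, client=LAN_CLIENT, gw=VPN_GATEWAY):
    """Map each setup step to whether the firewall lets it through."""
    fw = StatefulEgressFirewall(rules)
    return {name: fw.allows(p) for name, p in ipsec_setup_sequence(client, gw)}


def blocked_steps(rules, **kw):
    return [name for name, ok in evaluate(rules, **kw).items() if not ok]


# The rule set from the question: only IKE on UDP 500 is allowed out.
ORIGINAL_RULES = [Rule(UDP, 500)]
# The working rule set: IKE, NAT-T, and the ESP/AH protocols themselves.
FIXED_RULES = [Rule(UDP, 500), Rule(UDP, 4500), Rule(ESP), Rule(AH)]

if __name__ == "__main__":
    for label, rules in (("UDP 500 only", ORIGINAL_RULES), ("UDP 500/4500 + ESP + AH", FIXED_RULES)):
        print(f"{label}: blocked steps = {blocked_steps(rules) or 'none'}")
```

Run stand-alone, the script reports that with UDP 500 alone the IKE exchange completes but every ESP packet (and NAT-T) is dropped, which is exactly the "key negotiation works, tunnel never carries traffic" symptom; with the fixed set nothing is blocked. On a pfSense LAN tab the equivalent is one pass rule each for UDP/500, UDP/4500, protocol ESP and protocol AH from the LAN subnet; the IPsec Passthrough setting under NAT Outbound only affects address translation and does not replace those filter rules.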

