Are there are known issues with any of the IPS rules, used in conjunction with L2TP-IPSec VPN connectivity?
I have been trying to narrow down a problem using L2TP testing with non-NAT-ed and NAT-ed peers; and found that when a 'fairly full' IPS rule set is used (OS, mail servers, client software, protocol anomaly, malware, IM, multimedia aps) it's not possible to successfully establish an L2TP connection with a NAT-ed peer (Win7 client). I have deactivated all the other Anti-DOS/Flooding and Anti-Portscan features.
I've checked that the Win7 IPSec-relevant services are active (as detailed in the knowledge base).
Tested using iPhone (non-NAT-ed peer) and Win7 client system (NAT-peer). Interstingly, the iPhone is using the t-mobile 3G data network here in The Netherlands, and the Win7 notebook is on a t-mobile WiFi hotspot. I can try the Win7 system later today, running as a non-NAT-ed peer to confirm the observed behaviour.
As a side note, I'm still trying (and failing) to enable both of the WAN connections (domestic Cable and ADSL connections) on the Astaro system to listen simultaneously for incoming L2TP connections. Have searched and read everything that I can find, only to see some hints that this should be possible.
Any feedback or testing suggestions would be most welcome - thanks in advance!
