
How to allow IPSEC traffic through the firewall?

Hi 

We have a FreeS/Wan gateway in a DMZ so I need to allow incoming and outgoing IPSEC traffic to/from that gateway. 
The pre-defined services only contain ISAKMP which covers phase 1 of IPSEC, but what about AH, SKIP and ESP? How do I allow them through the Astaro? I could define specific services of course, but how do I define protocol 50??

Thanks for any advice
D. O.


  • You're right, of course. I found that out myself in the meantime, sorry.

    I've created separate services for AH and ESP and protocol 50 and put them all in a group along with ISAKMP. Using that service group in a rule should suffice, right?

    One more thing: I noticed SPI numbers in case of AH and ESP are the same by default, is that okay?

    Thanks 
    D. O.