Hi,
I setup up an IPsec Tunnel to a couple of external Cisco VPN Concentrator. using a PIX 506e as the internal endpoint.
I gave to the external Astato ASG 120 interface (eth2) an additional public address, and on eth1 the internal interface gateway for the PIX (let's say 192.168.10.1 for the iface on Astaro and .10 on Pix 506e).
I created a network group to pool the Cisco Concentrators
The, I wrote the packet rules to allowing the IPSEC group services, pptp and GRE.
I masqueraded the PIX 506 network on external interface.
In the packet filter live log I see that there's is a Default Drop on protocol 50, IPsec ESP.
So I added the DNAT for GRE, PPTP and IPsec.
The problem comes here on IPSEC: when I enable the DNAT rules for:
IPsec ESP
IPsec AH
As I enable them, the CPU on Astaro goes on 100% and it becomes unusable, so I have to put on a backup, since even rebooting does not solve the problem.
Any idea on what do I do wrong?
This thread was automatically locked due to age.