Hello All,
I have a few Site to Site IPSEC VPN's setup between me and a number of locations.
I was running V8 8.103 and had no problems - everything was working fine.
I decided to use up2date to get to the latest version 8.301 and this updated fine.
After the update the VPN tunnels status shows green and I can ping to devices at remote locations.
However anything more results in a firewall block due to Default Drop Rule.
I did not change any settings between the updates.
My firewall rules are fairly simple
#1 Allow Internet(Network) --Any--> VPN-0-LAN (192.168.0.0/16)
#2 Allow VPN-0-LAN (192.168.0.0/16) --Any --> Internal(Network)
#3 Deny Any -- Any -- Any
All my remote networks have /16 IP Range e.g 192.168.120.X, 192.168.121.X etc..
My Network is 192.168.150.0/24
I found that I changed rule #3 to Allow Any -- Any -- Any
Then everything works fine - so it is clear that the VPN is fine and it is something to do with the firewall.
Disabling #3 does not do anything as the drop is being done due to the Default Drop Rule.
Through trial and error, I found that now if I enable Automatic Firewall Rules in my IPSEC connection.
Then all works fine.
However this does not explain what I am doing wrong or what has changed [:S]
In a similar way the remote devices use my Gateway for NTP services.
Now they cannot (even with Automatic Firewall Rule checked).
My NTP Services is set to allowed Networks:
# Internal(Network)
# VPN-0-LAN (192.168.0.0/16)
Once again if I add "Any" to the above list then all works fine again.
Have the rules to firewalls changed or has something else gone wrong!
Thanks
Peter
This thread was automatically locked due to age.
