Hi,
I have an issue with an O2 femtocell unit "Boostbox" that routes 3G over the Internet due to bad cell coverage.
This should make an outbound/inbound connection using IPSEC to the O2 servers. It works fine at home on a standard UPnP router with Virgin, but via the Sophos UTM (125W) I'm not seeing any outbound traffic. It has a reserved IP in DHCP from the Windows server on the LAN.
I have port 50 IPSEC-ESP DNAT inbound to the device as per the documentation:
Backhaul router/firewall configuration must permit the following protocols and ports:
• IP Protocol ID 50: For both inbound and outbound filters. Should be set to allow Encapsulating Security Protocol (ESP) traffic to be forwarded.
• UDP port 500 (IPSec IKE)
• UDP port 4500 (IPSec IKE NAT-Traversal)
• UDP port 123 (NTP)
Some routers do block IPSec by default - this can usually be overcome by activating "IPSec Pass through"
It's not working. Anything else I should consider?
It works like this:
After connecting the Boostbox to the power supply and to a suitable internet connection it receives an Ethernet MAC Address from initial contact information and sends an IP Request to the DHCP server to request a Local IP Address, a Local netmask, a default gateway and a public DNS IP Address.
The Boostbox uses the IP Address of the public DNS to request the IP Address of the IPSec Router of the O2 network interface. Now the Boostbox can reach the Security Gateway (SeGW)/IPSec Router that will be the Tunnel Endpoint for the secure IP connection.
The firewall live logs do not show any outbound traffic, but remember this works fine on a "home" router at a different location.
Any ideas?
Doz
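Added example, not part of the original post: a small check that walks the startup sequence quoted above (DNS lookup, IKE, then tunnel traffic) over firewall flow records and reports the first stage with no outbound traffic from the device. The log format, the addresses and the function names are constructed for illustration and are not Sophos UTM output; it assumes the DHCP step already succeeded, and it accepts either UDP 4500 or native ESP for the tunnel because IPsec behind NAT carries ESP inside UDP 4500.

```python
import re

# Constructed sample lines in a made-up key=value format (not Sophos UTM's).
# 192.0.2.10 stands in for the Boostbox's reserved LAN address (assumption).
DEVICE_IP = "192.0.2.10"
SAMPLE_LOG = """\
src=192.0.2.10 dst=192.0.2.1 proto=17 dport=53
src=192.0.2.10 dst=198.51.100.9 proto=17 dport=123
src=192.0.2.20 dst=198.51.100.7 proto=17 dport=500
"""

# Ordered stages from the quoted documentation; each maps to the set of
# (IP protocol number, destination port) pairs that satisfy it.
STAGES = [
    ("DNS lookup (UDP 53)", {(17, 53)}),
    ("IKE (UDP 500)", {(17, 500)}),
    ("tunnel traffic (UDP 4500 or ESP)", {(17, 4500), (50, None)}),
]

LINE = re.compile(r"src=(\S+) dst=\S+ proto=(\d+)(?: dport=(\d+))?")


def outbound(log_text, device_ip):
    """Return the (protocol, dst_port) pairs sent by device_ip.

    dst_port is None for protocols without ports, such as ESP (protocol 50).
    """
    found = set()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m and m.group(1) == device_ip:
            port = int(m.group(3)) if m.group(3) else None
            found.add((int(m.group(2)), port))
    return found


def stalled_at(log_text, device_ip):
    """Name of the first stage with no outbound flow, or None if all appear."""
    seen = outbound(log_text, device_ip)
    for name, accepted in STAGES:
        if not seen & accepted:
            return name
    return None


if __name__ == "__main__":
    print("first missing stage:", stalled_at(SAMPLE_LOG, DEVICE_IP))
    print("NTP seen:", (17, 123) in outbound(SAMPLE_LOG, DEVICE_IP))
```

If even the DNS stage is missing, the device's packets are not reaching the point where the records were taken, which points at the LAN side (lease, gateway, cabling) rather than at the firewall rules.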