VPN behind Astaro FW

I'm currently testing Astaro 2.0.16 and having trouble connecting from an L2TP/IPSec VPN-Client to a VPN-W2k-Server, which sits in the DMZ.

I've created a service group VPN with the following services:
IKE-packets: UDP 500  500
LTP: UDP 1701  1701
LTP ESP: SPI 256:4294967295
LTP AH:  SPI 256:4294967295

and added the following rule:
From: Any, Service: VPN, To: VPN-Server

Result: No connection from VPN-Client 


So I created another rule:
From: Any, Service: Any, To: VPN-Server

Result: No connection from VPN-Client


Either I'm missing something or Astaro doesn't support this scenario. Does it? Any comments welcome.

Regards,

Rainer


  • Hi Ollion,

    I'm currently in contact with Astaro Support and they/we are working on this problem. For now it seems that the problem is caused by a fragmented ISAKMP-packet, which is silently discarded by the FW and so IKE is never successfully finished.
    I will post results once I have more information.

    Regards

    Rainer
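An added diagnostic example, not part of the thread and not Astaro's code: it scans raw IPv4 packets for fragmented datagrams on UDP port 500, so captures taken on each side of a firewall can be compared to see whether IKE fragments are being dropped. The helper names, addresses and sample packets are constructed for illustration.

```python
import struct

def ipv4(src, dst, ident, flags_frag, payload, proto=17):
    """Build a minimal IPv4 packet (checksum left 0) for the constructed samples."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                      flags_frag, 64, proto, 0, bytes(src), bytes(dst))
    return hdr + payload

def udp(sport, dport, data):
    """Prefix data with a UDP header (checksum left 0)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def find_fragmented_ike(packets):
    """Map (src, dst, ip_id) -> fragment count for fragmented UDP/500 datagrams."""
    ike, counts = set(), {}
    for pkt in packets:
        if len(pkt) < 20 or pkt[0] >> 4 != 4:
            continue  # too short, or not IPv4
        ihl = (pkt[0] & 0x0F) * 4
        ident, flags_frag = struct.unpack("!HH", pkt[4:8])
        more, offset = flags_frag & 0x2000, (flags_frag & 0x1FFF) * 8
        if pkt[9] != 17 or not (more or offset):
            continue  # not UDP, or a complete (unfragmented) datagram
        key = (".".join(map(str, pkt[12:16])), ".".join(map(str, pkt[16:20])), ident)
        counts[key] = counts.get(key, 0) + 1
        # Only the first fragment (offset 0) carries the UDP ports.
        if offset == 0 and len(pkt) >= ihl + 4:
            if 500 in struct.unpack("!HH", pkt[ihl:ihl + 4]):
                ike.add(key)
    # Fragments may arrive out of order, so filter only after the full pass.
    return {k: n for k, n in counts.items() if k in ike}

# Constructed sample traffic (documentation addresses, not from the thread).
CLIENT, SERVER = (198, 51, 100, 10), (192, 0, 2, 20)
SAMPLE = [
    ipv4(CLIENT, SERVER, 0x1000, 0, udp(500, 500, b"\0" * 200)),          # IKE, unfragmented
    ipv4(CLIENT, SERVER, 0x1234, 185, b"\0" * 300),                       # IKE, last fragment
    ipv4(CLIENT, SERVER, 0x1234, 0x2000, udp(500, 500, b"\0" * 1472)),    # IKE, first fragment
    ipv4(CLIENT, SERVER, 0x2222, 0x2000, udp(1701, 1701, b"\0" * 1472)),  # L2TP fragment
]

if __name__ == "__main__":
    for (src, dst, ident), n in find_fragmented_ike(SAMPLE).items():
        print(f"fragmented IKE {src} -> {dst} ip_id=0x{ident:04x} fragments={n}")
```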