IPsec VPN and Packet Filter

Like most commercial firewalls, is it possible to send IPsec traffic through the packet filter, where rules would need to be specified instead of all ports being allowed from the IPsec endpoint to the Astaro network?


This thread was automatically locked due to age.
  • You probably have a packet filter rule that allows Any traffic from Internal (Network) to go anywhere.  If your VPN creates IPs outside of the Internal (Network) subnet, you need a similar rule to allow the VPN traffic to go anywhere.

    I find it so convenient that the new version allows assigning VPN IPs by our regular in-house DHCP server.  It really cleans up the packet filter list and removes the need to SNAT some VPN traffic.

    Then again, if you want to limit what the VPN traffic can access, then the separate subnet with DNAT and packet filter rules will be your choice.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA