I was connecting a laptop with a Cisco VPN client to our UTM using ipsec/certs
Although the client authenticated, no traffic was passing even though the rules appeared ok. The UTM was using a default ipsec pool of 10.242.4.0/24
When I did an ipconfig /all on the windows laptop with Cisco client, it showed an ip address from the UTM issued ipsec vpn pool ie 10.242.4.1
The only problem was, it had a mask of /8 255.0.0.0 instead of /24 255.255.255.0 and no traffic flowed.
Changing this on the UTM to a class C 192.168.100.0/24 ipsec vpn pool and boom..... everything worked as it should.
Further testing to be done eg change back to 10.10.10.0/24 to see if it issues a /24 instead of a /8 to see if this is a bug?
This thread was automatically locked due to age.
