Try a rule for your client/LAN -> remote IP, any port, any protocol (I understand you may wish to lock it down later). Look at the state entries to that remote IP after a successful connection; that should help determine the exact rules you want.

--Bill

On 6/28/06, Allen Laymon <[EMAIL PROTECTED]> wrote:

Ok, I have gone into one of my interfaces under rules and opened ports 500, 10000 and 62515 for UDP. I have created all three rules the same way using 'any' source, port #, destination 'any', port #, and gateway 'default'. I've also attempted using a 'specific' gateway of my WAN interface that I want to designate for the Cisco VPN Client. I have also tried using the source as my 'internal network' and the gateway as my 'specific' external WAN interface. I can connect, but it is VERY intermittent if it allows. I may get to connect 1/3 of the time, if I'm lucky. Any suggestions on what I'm doing wrong on the rules?

Allen

-----Original Message-----
From: Bill Marquette [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 27, 2006 10:49 PM
To: discussion@pfsense.com
Subject: Re: [pfSense-discussion] load balancing - fail over

On 6/27/06, Allen Laymon <[EMAIL PROTECTED]> wrote:
> I'm having an issue using load balancing/failover and using a Cisco VPN
> client to connect to a remote machine. It's hit and miss whether or not the
> Cisco VPN client works. It appears to go out one of my internet
> connections, but can return on the second internet connection? I'm not sure
> how to resolve this. Anyone have a similar instance?
>
> Allen

You'll want to create a rule that sends this traffic out only one WAN link (you won't get failover on that rule...sorry). The issue here is that most IPsec clients usually use two connections, UDP 500 (or whatever NAT-T lives on) and proto ESP. Unless you get lucky and both make it out the same WAN and establish state that way, the remote gateway is going to drop you when it sees different source addresses from the connections.

--Bill
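The fix Bill describes, pinning both halves of the IPsec session (IKE/NAT-T over UDP and ESP, IP protocol 50) to one WAN so the remote gateway sees a single source address, written out as a pf.conf fragment. This is an added example, not configuration from the thread or from pfSense itself; the interface names, LAN subnet, WAN gateway address and remote VPN gateway (203.0.113.5) are all assumed, and the port list follows the ports Allen mentions plus 4500 for standard NAT-T.

```pf
# Added example, not from the original thread. Interface names, addresses
# and the remote gateway below are assumptions for illustration only.
lan_if  = "em0"
lan_net = "192.168.1.0/24"
wan1    = "em1"
wan1_gw = "198.51.100.1"
vpn_gw  = "203.0.113.5"       # assumed remote IPsec gateway

# Translation rules come before filter rules in pf.conf. NAT the pinned
# flows to the chosen WAN so both UDP and ESP carry the same source address.
nat on $wan1 from $lan_net to $vpn_gw -> ($wan1)

# route-to overrides the default/load-balanced next hop for matching packets.
# 'quick' stops a later load-balancing rule from claiming these flows.
# UDP 500 = IKE, 4500 = NAT-T, 10000 = Cisco "IPsec over UDP" default.
pass in quick on $lan_if route-to ($wan1 $wan1_gw) inet proto udp \
    from $lan_net to $vpn_gw port { 500, 4500, 10000 } keep state

# ESP has no ports, so the state is keyed on addresses and protocol only;
# it still must leave via the same WAN as the UDP flow above.
pass in quick on $lan_if route-to ($wan1 $wan1_gw) inet proto esp \
    from $lan_net to $vpn_gw keep state
```

These rules sit on the LAN interface inbound, which is where pf decides the egress path for a new connection; as Bill notes, anything pinned this way gets no failover if em1 goes down. To verify, connect with the client and then run `pfctl -ss | grep 203.0.113.5`: you should see one udp and one esp state, both on em1. An esp state that shows up on the other WAN means a load-balancing rule is still matching ahead of the pinned rules.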