you lost me at “port forwarding”.

Making NAT work for IPSEC (passthrough) can be … quite challenging.


Hopefully you’re attempting to terminate IPSEC on the pfSense box, and the ISP 
router is configured to:

  - IP Protocol ID 50:  For both inbound and outbound filters. Should be set to 
    allow Encapsulating Security Protocol (ESP) traffic to be forwarded.
  - IP Protocol ID 51:  For both inbound and outbound filters. Should be set to 
    allow Authentication Header (AH) traffic to be forwarded.
  - UDP Port 500:  For both inbound and outbound filters. Should be set to allow 
    ISAKMP traffic to be forwarded.

Note that ‘forwarding’ here is packet forwarding, not port forwarding.   If so, 
I’ve simply misunderstood you.  If not, you’re not going to make it work 
without a >TON< of work on NAT-traversal.

You say you looked at: https://doc.pfsense.org/index.php/Mobile_IPsec_on_2.0 (I 
think).   Commercial support is available if you need it.

Jim

On Jan 4, 2014, at 5:03 PM, Carlos Vicente <[email protected]> wrote:

> Hi all,
>  
> I have a problem with an IPSec VPN from mobile clients (IOS and Android). I 
> can establish the tunnel but can’t ping, RDP or SSH the pfSense or any client 
> behind it (which is working with OpenVPN). I see the “passed” logs on the 
> firewall tab but can’t access the systems.
>  
> My pfSense WAN is on the same subnet as the LAN of the ISP router, which has 
> port forwarding of ESP, AH and IKE to the pfSense WAN network adapter. All 
> the rules are correct and they appear correctly on logs.
>  
> My pfSense version is 2.0.3 upgraded from 1.2.3. I have tried all kinds of 
> configs from the doc “Mobile IPsec on 2.0”, but, as I said, can establish the 
> connection but can’t access any device on LAN subnet.
>  
> I have used this excellent appliance for many years, so I must have IPSec VPN 
> working on mobile clients the same way I have them working with OpenVPN.
>  
> I’m stuck here, so any help would be much appreciated.
>  
> Thanks.
> CV
> _______________________________________________
> List mailing list
> [email protected]
> http://lists.pfsense.org/mailman/listinfo/list
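
Added example, not part of the thread: a small Python model of the three filter rules listed in the reply (IP protocol 50, IP protocol 51, UDP port 500), applied to raw IPv4 packets. The function names and all sample packets are constructed for illustration; the UDP 4500 sample (the port used for NAT-traversal encapsulation) is included to show traffic those three rules do not match.

```python
import struct

# Protocol numbers and port taken from the three filter rules listed in the reply.
ESP, AH, UDP, IKE_PORT = 50, 51, 17, 500

def classify(pkt: bytes) -> str:
    """Label a raw IPv4 packet as ESP, AH, IKE or something else."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (pkt[0] & 0x0F) * 4  # header length in bytes; above 20 when IP options are present
    if ihl < 20 or len(pkt) < ihl:
        return "malformed"
    proto = pkt[9]
    if proto in (ESP, AH):
        return "ESP" if proto == ESP else "AH"
    if proto != UDP:
        return f"proto/{proto}"
    if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:
        return "udp-fragment"  # non-first fragment: no UDP header to read ports from
    if len(pkt) < ihl + 8:
        return "malformed"
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return "IKE" if IKE_PORT in (sport, dport) else f"udp/{dport}"

def router_forwards(pkt: bytes) -> bool:
    """True when the packet matches one of the three allow rules."""
    return classify(pkt) in {"ESP", "AH", "IKE"}

def ipv4(proto: int, payload: bytes, options: bytes = b"", frag_off: int = 0) -> bytes:
    """Build a constructed IPv4 packet (checksum left at 0, it is not checked here)."""
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(payload), 0,
                      frag_off, 64, proto, 0, bytes([198, 51, 100, 7]), bytes([192, 0, 2, 10]))
    return hdr + options + payload

def udp(sport: int, dport: int, data: bytes = b"") -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data  # checksum 0

# Constructed samples: documentation addresses and zero-filled payloads.
SAMPLES = {
    "ike": ipv4(UDP, udp(500, 500, bytes(28))),
    "esp": ipv4(ESP, bytes(16)),
    "ah": ipv4(AH, bytes(12)),
    "ike_with_ip_options": ipv4(UDP, udp(500, 500), options=b"\x01" * 4),
    "udp_4500": ipv4(UDP, udp(4500, 4500, bytes(8))),  # not covered by the three rules
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:20} {classify(pkt):10} forwarded={router_forwards(pkt)}")
```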
