Is it necessary to add explicit rules to allow inbound ISAKMP (UDP 500)
and ESP (IP protocol 50) on the WAN interface?
I had a problem with pfSense 2.0.1 failing to accept sessions initiated
by a Cisco ASA5505. tcpdump showed the ASA was sending ISAKMP phase 1
and pfSense was not replying. I added a rule to allow UDP 500 in and
after that it worked.
Is the same required for ESP?
Does pfSense 2.1 also require this? I have a new site with pfSense 2.1
which hasn't shown this problem (yet), but that could just be through luck.
Thanks,
Brian.
_______________________________________________
List mailing list
http://lists.pfsense.org/mailman/listinfo/list