I believe so. I have two ports opened under Rules for my IPSEC configuration.

On Feb 28, 2014, at 3:27 PM, Brian Candler <b.cand...@pobox.com> wrote:

> Is it necessary to add explicit rules to allow inbound ISAKMP (UDP 500) and
> ESP (IP protocol 50) on the WAN interface?
>
> I had a problem with pfsense 2.0.1 failing to accept sessions initiated by a
> Cisco ASA5505. tcpdump showed the ASA was sending ISAKMP phase 1 and pfsense
> was not replying. I added a rule to allow UDP 500 in and after that it worked.
>
> Is the same required for ESP?
>
> Does pfsense 2.1 also require this? I have a new site with pfsense 2.1 which
> hasn't shown this problem (yet), but that could just be through luck.
>
> Thanks,
>
> Brian.
>
> _______________________________________________
> List mailing list
> List@lists.pfsense.org
> http://lists.pfsense.org/mailman/listinfo/list