I banged my head on this for a while before I realized our network admin
probably had the Cisco PIX VPN config to only work with UDP, not TCP.
Our default config is to use UDP, but that didn't work for me on pfsense
v.86. After I read the e-mail below I stopped trying to connect over
UDP. (Stupid me. I'm a sysadmin, not a netadmin.) While I was typing
up the "please help me" e-mail I realized that TCP was not configured at
the endpoint in the office, and for giggles I tried UDP. I was amazed
at how fast it connected. It worked with IPSec Passthrough disabled and
enabled.

This was killing me because pfsense was noticeably faster than my old
LinkSys, but VPN had to work so I could connect to my office.

Thanks for a fast and easy firewall!

Chris

stephan schneider wrote:
> > I am trying to get a (NATed) connection to an external VPN using
> > the cisco vpn client. Unfortunately it just doesn't work -
> > no connection. I added the port 500 (isakmp) and allowed ESP to pass
> > the firewall. But I think there's more to do to get NAT-Traversal
> > to work :-(
Got the solution.
In the vpn client connection configuration you have to choose
"IPSec over TCP" and of course "Enable Transparent Tunnel".
No custom rules, no "IPSec passthru" (that's a different approach),
no custom nat rules (only the default: nat all lan) are needed.
Thanks Bill!
Have a nice day.
Stefan.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]