On Wed, May 21, 2008 at 6:50 PM, John Greiner <[EMAIL PROTECTED]> wrote:
> Hi All
>
> I've been having a hard time getting any responses to the following PFSense
> problem. Your feedback/suggestions/hunches would be greatly appreciated. I
> need PFSense to allow site to site IPSec tunnels on the firewall and not kill
> access to the L2TP/IPSec server sitting behind the firewall. If I forward
> UDP 500 to the L2TP server (OS X Tiger), L2TP clients work fine but the site
> to site IPSec tunnels cease functioning (no response from the firewall). If
> I turn off the rule, the tunnels work fine but the L2TP clients can't connect
> (no response).
>
You can't do both with one public IP. If you NAT UDP 500, it's going to get redirected to the internal host before it can touch any service running locally on pfSense. You need two public IPs, one per.
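What the reply describes, as an added pf.conf sketch that is not from the thread or from pfSense itself: a translation (rdr) rule is matched before the packet can reach any listener on the firewall, so one public address carries the forward and the other stays free for pfSense's own IKE. The interface name, addresses, and the UDP 4500 (NAT-T) and ESP rules are assumptions; the thread only mentions UDP 500.

```pf
# Assumed interface and addresses (constructed for this example)
ext_if   = "em0"
fw_ipsec = "203.0.113.10"   # pfSense's own site-to-site IPsec endpoint
vpn_fwd  = "203.0.113.11"   # second public IP, added as an alias on WAN
l2tp_srv = "192.168.1.20"   # OS X L2TP/IPsec server on the LAN

# Broken: a single public IP. The rdr is applied before the packet can
# reach the IKE daemon on pfSense, so the firewall's own tunnels see
# nothing on UDP 500 while this rule is loaded.
# rdr on $ext_if proto udp from any to $fw_ipsec port 500 -> $l2tp_srv

# Working: forward only the second address to the L2TP host.
# UDP 4500 (NAT-T) is an assumption added here; the thread names only 500.
rdr on $ext_if proto udp from any to $vpn_fwd port { 500, 4500 } -> $l2tp_srv

# Filter rules see the translated destination, so let the forwarded
# traffic through to the LAN host...
pass in quick on $ext_if proto udp from any to $l2tp_srv port { 500, 4500 }

# ...and leave the first address untouched for pfSense's own IKE/ESP.
pass in quick on $ext_if proto udp from any to $fw_ipsec port { 500, 4500 }
pass in quick on $ext_if proto esp from any to $fw_ipsec
```

On the firewall, `pfctl -sn` lists the loaded translation rules, which confirms the rdr is bound only to the second address and not to the one pfSense's own tunnels terminate on.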
