Any chance the UDP 500 negotiations between the firewalls for ipsec tunnels could be directed to negotiate on a different port leaving 500 available for L2TP traffic behind the firewall?
-----Original Message-----
From: Chris Buechler <[EMAIL PROTECTED]>
Sent: Thursday, May 22, 2008 1:47 PM
To: [email protected]
Subject: Re: [pfSense Support] Problem running IPSec VPN on the PFSense box and L2TP IPSec behind the box

On Thu, May 22, 2008 at 11:42 AM, Matthew Grooms <[EMAIL PROTECTED]> wrote:
>
> Hmmm. Assuming the L2TP clients are roaming with dynamic addresses, why not
> set up rules that forward IPsec related traffic from anywhere but the static
> IPsec peers to the L2TP host? I'm not sure how the pfsense rules would look
> but in plain pf it would look something like this ...
>

Hmm, that's a good idea. Unfortunately we only allow policy NAT in outbound NAT, not inbound, so that wouldn't be possible now. I opened a feature request ticket; that would be nice to have at some point.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
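For readers who want to see the source-based redirection Matthew describes, here is a plain pf.conf fragment written as an added example; it is not the rule set he referred to (that was never included in the thread) and not something the pfSense GUI of the time could express, per Chris's reply. The interface name, the documentation-range addresses and the `<static_peers>` table contents are all assumed for illustration.

```pf
# Added example, not from the original thread. Names and addresses are assumed.
ext_if    = "em0"
ext_ip    = "203.0.113.10"   # firewall's public address (documentation range)
l2tp_host = "192.168.1.20"   # L2TP/IPsec server on the LAN behind the firewall

# Site-to-site peers whose IKE must terminate on the firewall's own IPsec daemon.
table <static_peers> persist { 198.51.100.5, 198.51.100.6 }

# IKE (UDP 500), NAT-T (UDP 4500) and raw ESP arriving from anyone who is NOT a
# static peer are redirected to the internal L2TP/IPsec host. Traffic from the
# static peers does not match these rdr rules and reaches the firewall itself.
rdr on $ext_if inet proto udp from !<static_peers> to $ext_ip port 500  -> $l2tp_host
rdr on $ext_if inet proto udp from !<static_peers> to $ext_ip port 4500 -> $l2tp_host
rdr on $ext_if inet proto esp from !<static_peers> to $ext_ip           -> $l2tp_host

# Filter rules (evaluated after translation, so the roaming clients' packets are
# already addressed to $l2tp_host here). Only these three protocols are opened.
pass in quick on $ext_if inet proto udp from !<static_peers> to $l2tp_host port 500  keep state
pass in quick on $ext_if inet proto udp from !<static_peers> to $l2tp_host port 4500 keep state
pass in quick on $ext_if inet proto esp from !<static_peers> to $l2tp_host

# The static peers still negotiate directly with the firewall on UDP 500/4500 and ESP.
pass in quick on $ext_if inet proto udp from <static_peers> to $ext_ip port 500  keep state
pass in quick on $ext_if inet proto udp from <static_peers> to $ext_ip port 4500 keep state
pass in quick on $ext_if inet proto esp from <static_peers> to $ext_ip
```

The split is purely by source address: the firewall keeps UDP 500 for its known peers while every other IKE initiator is handed to the L2TP host, so the table must be kept in sync with the static tunnel configuration.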
