On Mon, Feb 15, 2010 at 12:05 AM, Abdulrehman <[email protected]> wrote:
> I have a DMZ setup behind my pfSense. I have some remote web sites which I
> access through VPN using Cisco VPN client. Everything works fine with
> automatic outbound NAT but when I switch to advanced outbound NAT with same
> firewall rules at LAN and WAN side, I can not access my VPN sites. VPN gets
> connected but sites are not accessible....
> Am I missing anything.....?
>
The default outbound NAT rules don't rewrite the source port on UDP 500 traffic (ISAKMP) because that generally breaks it; your outbound NAT rules probably do. Add a rule to use static port for UDP 500.
