I have added a rule at my LAN interface for UDP 500. But still same issue...cannot access remote websites...

On Mon, Feb 15, 2010 at 10:23 AM, Chris Buechler <[email protected]> wrote:

> On Mon, Feb 15, 2010 at 12:05 AM, Abdulrehman <[email protected]> wrote:
> > I have a DMZ setup behind my pfSense. I have some remote web sites which I
> > access through VPN using Cisco VPN client. Everything works fine with
> > automatic outbound NAT but when I switch to advanced outbound NAT with same
> > firewall rules at LAN and WAN side, I can not access my VPN sites. VPN gets
> > connected but sites are not accessible....
> > am I missing anything.....?
>
> The default outbound NAT rules don't rewrite the source port on UDP
> 500 traffic (ISAKMP) because that generally breaks it, your outbound
> NAT rules probably do. Add a rule to use static port for UDP 500.

--
Regards
Abdulrehman
