On 10/3/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> All-
>
> Today I upgraded my Wrap .84 to .86 via the Mini-Wrap Upgrade file.
>
> My Cisco VPN (software client on my laptop to connect to my office) no
> longer connects.
>
> Logs from the pfsense firewall (forwarded to a server via syslog) show that
> ISAKMP is being blocked inbound. With PFSense .84, I never had to have a
> NAT port-forward for UDP/500.
>
> ==========snip===========
>
> Oct 3 14:23:09 192.168.0.1 pf: 39. 806905 rule 146/0(match): block in on
> sis1: 65.215.72.34.500 > 64.142.26.224.500: [|isakmp]
>
> ==========snip===========

How bizarre...that's the pre-NAT'd address too. It's almost like the outbound NAT rule for this got re-arranged. Can I see your /tmp/rules.debug?

> Even setting up a port-forward for UDP/500 doesn't work.

Without this of course :) You would have needed it to create a rule too...but my bet is that the outbound traffic is getting NATd wrong.

--Bill
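
Added example, not part of the original thread: a small Python parser for pf log lines in the format quoted above that tallies blocked port-500 (ISAKMP) packets by rule, direction, interface and address pair, so the rule doing the blocking stands out in forwarded syslog. The first sample line is the one from the post (rejoined onto one line); the remaining lines and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Matches the tcpdump-style pf log text seen in the post, e.g.
#   rule 146/0(match): block in on sis1: 65.215.72.34.500 > 64.142.26.224.500: [|isakmp]
PF_LINE = re.compile(
    r"rule (?P<rule>\d+)/\d+\(match\): (?P<action>block|pass) (?P<dir>in|out) "
    r"on (?P<iface>\S+): "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):"
)

ISAKMP_PORT = 500  # the line carries no protocol field, so matching is by port only


def parse_pf_line(line):
    """Return the parsed fields of one pf log line, or None if it is not one."""
    m = PF_LINE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("rule", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec


def blocked_isakmp(lines):
    """Count blocked port-500 packets keyed by (rule, dir, iface, src, dst)."""
    hits = Counter()
    for line in lines:
        rec = parse_pf_line(line)
        if rec and rec["action"] == "block" and ISAKMP_PORT in (rec["sport"], rec["dport"]):
            hits[(rec["rule"], rec["dir"], rec["iface"], rec["src"], rec["dst"])] += 1
    return hits


SAMPLE = [
    # From the post:
    "Oct 3 14:23:09 192.168.0.1 pf: 39. 806905 rule 146/0(match): block in on sis1: 65.215.72.34.500 > 64.142.26.224.500: [|isakmp]",
    # Constructed lines below (retry of the same flow, a passed flow, another port, noise):
    "Oct 3 14:23:14 192.168.0.1 pf: 44. 120331 rule 146/0(match): block in on sis1: 65.215.72.34.500 > 64.142.26.224.500: [|isakmp]",
    "Oct 3 14:23:20 192.168.0.1 pf: 50. 000112 rule 60/0(match): pass out on sis1: 198.51.100.7.500 > 192.0.2.10.500: [|isakmp]",
    "Oct 3 14:23:21 192.168.0.1 pf: 51. 400871 rule 146/0(match): block in on sis1: 192.0.2.55.4321 > 198.51.100.7.22: S",
    "Oct 3 14:23:22 192.168.0.1 dnsmasq[211]: reading /etc/resolv.conf",
]

if __name__ == "__main__":
    for key, count in blocked_isakmp(SAMPLE).items():
        print(count, key)
```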