On 10/16/05, stephan schneider <[EMAIL PROTECTED]> wrote:
> Hello Folks,
>
> I am trying to get a (NATed) connection to an external VPN using
> the cisco vpn client. Unfortunately it just doesn't work -
> no connection. I added the port 500 (isakmp) and allowed ESP to pass
> the firewall. But I think there's more to do to get NAT-Traversal
> to work :-(
>
> According to
> http://kerneltrap.org/node/2948
> it is necessary to set up the rule:
> nat on $ext_if inet proto { tcp, udp } from $internal port = 500 to any -> ($ext_if:0) port 500
>
> How can this rule be set using the GUI?

This is enabled by default unless you use advanced outbound NAT.
Make sure:
Firewall->NAT->Outbound: Enable IPSec passthru
is checked.

> I am using pfsense-0.86.4.

Should be working in 0.86.4, I did introduce a bug a version or two
back that broke IPSec passthru, but I believe the fix for that made it
into 86.4 (hard to say, my boxes are usually running some Frankenstein
version).  If you send in your /tmp/rules.debug, I'd be willing to
take a quick peek and make sure the NAT rule is correct.

--Bill
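Bill offers to eyeball /tmp/rules.debug for the NAT rule. The script below is an added example, not code from the thread or from pfSense: a small checker that scans a rules.debug-style dump for the port-500-preserving nat rule quoted above and for the ESP and ISAKMP pass rules. Two things it checks go beyond the thread and are stated here as my own assumptions: pf applies the first matching translation rule, so the port-500 rule must come before the generic catch-all nat rule, and a `static-port` translation is accepted as an equivalent way of keeping the source port. The rule text embedded below is constructed in the style of the quoted rule, not a dump from any real box.

```python
import re

# Constructed sample in the style of a pfSense-generated /tmp/rules.debug,
# modelled on the rule quoted in the thread; not taken from any real box.
GOOD_RULES = """\
# Outbound NAT: IPSec passthru keeps the ISAKMP source port at 500
nat on $ext_if inet proto { tcp, udp } from $internal port = 500 to any -> ($ext_if:0) port 500
nat on $ext_if from $internal to any -> ($ext_if:0)
# Filter rules letting the VPN client on the LAN out
pass in quick on $int_if inet proto esp from $internal to any keep state
pass in quick on $int_if inet proto udp from $internal to any port = 500 keep state
"""

# Same rules with the two nat lines swapped (constructed failure case): pf uses
# the first matching translation rule, so the port-preserving rule is never hit.
WRONG_ORDER_RULES = """\
nat on $ext_if from $internal to any -> ($ext_if:0)
nat on $ext_if inet proto { tcp, udp } from $internal port = 500 to any -> ($ext_if:0) port 500
pass in quick on $int_if inet proto esp from $internal to any keep state
pass in quick on $int_if inet proto udp from $internal to any port = 500 keep state
"""

# The rule from the thread: source port 500 translated back to port 500.
NAT_PORT500 = re.compile(r'^nat\s+on\b.*\bfrom\b.*\bport\s*=?\s*500\b.*->.*\bport\s+500\b')
# Alternative (assumption, not from the thread): static-port keeps every source port.
NAT_STATICPORT = re.compile(r'^nat\s+on\b.*->.*\bstatic-port\b')
# Generic outbound NAT with no port clause; this one rewrites source ports.
NAT_CATCHALL = re.compile(r'^nat\s+on\b(?!.*\bport\b).*->')
PASS_ESP = re.compile(r'^pass\b.*\bproto\s+esp\b')
PASS_ISAKMP = re.compile(
    r'^pass\b.*\bproto\s+(?:udp\b|\{[^}]*\budp\b[^}]*\}).*\bport\s*=?\s*500\b')


def _active_lines(text):
    """Return rule lines with comments and blank lines removed."""
    out = []
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()
        if line:
            out.append(line)
    return out


def check_ipsec_passthru(rules_text):
    """Check a rules.debug dump for the pieces IPSec passthru needs.

    Returns a dict of named boolean findings plus an overall 'ok' flag.
    """
    lines = _active_lines(rules_text)
    nat = [l for l in lines if l.startswith('nat ')]
    preserve_idx = next((i for i, l in enumerate(nat)
                         if NAT_PORT500.search(l) or NAT_STATICPORT.search(l)), None)
    catchall_idx = next((i for i, l in enumerate(nat)
                         if NAT_CATCHALL.search(l)), None)
    result = {
        # a nat rule that keeps UDP/500 as the source port exists
        'nat_preserves_isakmp': preserve_idx is not None,
        # and it is listed before any catch-all nat rule (first match wins)
        'nat_rule_before_catchall': preserve_idx is not None
            and (catchall_idx is None or preserve_idx < catchall_idx),
        # ESP and ISAKMP are allowed through the filter
        'pass_esp': any(PASS_ESP.search(l) for l in lines),
        'pass_isakmp': any(PASS_ISAKMP.search(l) for l in lines),
    }
    result['ok'] = all(result.values())
    return result


if __name__ == '__main__':
    for name, text in (('good', GOOD_RULES), ('wrong order', WRONG_ORDER_RULES)):
        print(name, check_ipsec_passthru(text))
```

Run it against a real dump with `check_ipsec_passthru(open('/tmp/rules.debug').read())`; the matching is a line-oriented heuristic, so it expects the one-rule-per-line form pfSense writes rather than hand-wrapped rules.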
