Thank you Chris for the response! Glad it wasn't just me being a dolt. I wonder what kind of magic the Secure Computing folks were able to conjure up that enables UDP 500 to be shared at the firewall and behind it...
-----Original Message-----
>From: Chris Buechler <[EMAIL PROTECTED]>
>Sent: May 21, 2008 7:28 PM
>To: support@pfsense.com
>Subject: Re: [pfSense Support] Problem running IPSec VPN on the PFSense box and L2TP IPSec behind the box
>
>On Wed, May 21, 2008 at 6:50 PM, John Greiner <[EMAIL PROTECTED]> wrote:
>> Hi All
>>
>> I've been having a hard time getting any responses to the following PFSense problem. Your feedback/suggestions/hunches would be greatly appreciated. I need PFSense to allow site to site IPSec tunnels on the firewall and not kill access to the L2TP/IPSec server sitting behind the firewall. If I forward UDP 500 to the L2TP server (OS X Tiger), L2TP clients work fine but the site to site IPSec tunnels cease functioning (no response from the firewall). If I turn off the rule, the tunnels work fine but the L2TP clients can't connect (no response).
>>
>
>You can't do both with one public IP. If you NAT UDP 500, it's going to get redirected to the internal host before it can touch any service running locally on pfSense. You need two public IPs, one per.
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
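The two-public-IP layout Chris describes, written out as an added pf.conf fragment in FreeBSD/pfSense pf syntax (example only, not from the thread or the pfSense project). It goes a step beyond the thread by also forwarding the other L2TP/IPsec traffic (UDP 4500, ESP); the interface name, addresses and macro names are placeholders.

```pf
# Placeholders: adjust to the real WAN interface and addresses.
ext_if   = "em0"
fw_ike   = "203.0.113.10"   # public IP kept for pfSense's own IKE daemon (site-to-site)
l2tp_vip = "203.0.113.11"   # second public IP (virtual IP) dedicated to the forward
l2tp_srv = "192.168.1.20"   # OS X Tiger L2TP/IPsec server on the LAN

# rdr is evaluated before the packet reaches any local daemon, so it must be
# scoped to the dedicated IP only; a rule matching "any" here would capture
# the firewall's own IKE traffic as well, which is the breakage in the thread.
rdr on $ext_if proto udp from any to $l2tp_vip port { 500, 4500 } -> $l2tp_srv
rdr on $ext_if proto esp from any to $l2tp_vip -> $l2tp_srv

# Let the forwarded traffic through to the LAN server.
pass in quick on $ext_if proto udp from any to $l2tp_srv port { 500, 4500 }
pass in quick on $ext_if proto esp from any to $l2tp_srv

# The firewall's own IP is untouched by rdr, so IKE still terminates on pfSense.
pass in quick on $ext_if proto udp from any to $fw_ike port { 500, 4500 }
pass in quick on $ext_if proto esp from any to $fw_ike
```

A quick check after loading: with the forward scoped this way, `pfctl -s nat` should show only `$l2tp_vip` in the rdr rules, and `pfctl -s state` should show IKE states for the site-to-site peers ending on `$fw_ike` rather than being rewritten to the LAN server.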