Indentical install here, and had the same problem mapping all ports through.
However in our scenario only one external client was assessing IPSEC server
at a time. Not sure how this would impact multi users.
Either map only the ports you need + 1723 for IPSEC to internal Fwall or
server
or
Include all ports for wildcard/incoming NAT with the exception of 161 (SNMP)
-Sam
-----Original Message-----
From: karlnet-bounces@WISPNotes.com
[mailto:karlnet-bounces@WISPNotes.com]On Behalf Of Andrew Johnston
Sent: Monday, 19 May 2003 2:32 p.m.
To: Karlnet Mailing List
Subject: [Karlnet] IPSEC VPN Support
I have a client who want to use Outbouind NAT, no problem with that part.
Same client want to have a IPSEC VPN server on their private side network.
IPSEC Outbound works 100% with the passthru
If I enable Incoming NAT with a wildcard pointing to their Firewall, all is
Okay
EXCEPT: I loose the ability to PING and SNMP manage the SR4200 (RG1000)
with the configurator.
Routed with the allocation of small public /30 subnet is not desirable as it
wastes IP's
Anybody know a way around this ?
_______________________________________________
Karlnet mailing list
Karlnet@WISPNotes.com
http://lists.wispnotes.com/mailman/listinfo/karlnet
|