IPsec Firewall: Difference between revisions

← Older edit

IPsec Firewall (view source)

Revision as of 23:59, 17 August 2018

27 bytes added , 17 August 2018

→‎top: clean up

Reedy

editor

706

edits

Revision as of 20:02, 30 July 2015 (view source) AA-Andrew (talk \| contribs) mNo edit summary ← Older edit		Latest revision as of 23:59, 17 August 2018 (view source) Reedy (talk \| contribs) (→‎top: clean up)
(One intermediate revision by the same user not shown)
<indicator name="Tunnels">[[File:Menu-IPsec.svg\|link=:Category:~~FireBrick_IPsec~~FireBrick IPsec\|30px\|Back up to the FireBrick IPsec Tunnels Category Page]]</indicator> If there is no NAT involved, you need: *UDP port 500 for the IKE control channel Example: <syntaxhighlight lang=xml> <rule-set name="IPsec" source-interface="pppoe" target-interface="self" no-match-action="continue" comment="Non-NATed IPsec connections from PPP to the Brick"> <rule name="IKE" target-port="500" protocol="17" action="accept" comment="Internet Key Exchange"/> Example: <syntaxhighlight lang=xml> <rule-set name="IPsec" source-interface="pppoe" target-interface="self" no-match-action="continue" comment="Allow NATed IPsec connections from PPP to the Brick"> <rule name="IKE" target-port="500 4500" protocol="17" action="accept" comment="Internet Key Exchange"/> Example: <syntaxhighlight lang=xml> <rule-set name="IPsec" source-interface="pppoe" target-interface="self" no-match-action="continue" comment="Allow NATed and Non-NATed IPsec connections from PPP to the Brick"> <rule name="IKE" target-port="500 4500" protocol="17" action="accept" comment="Internet Key Exchange"/> </syntaxhighlight> [[Category:~~FireBrick_IPsec~~FireBrick IPsec\|Firewall]]