IPsec Firewall: Difference between revisions

 
The config option force-NAT (note the capitalisation) forces IKE to treat the connection as if it were behind NAT, so that NAT traversal is used and ESP is carried inside UDP port 4500 as it would be for a NATed peer. The option lives in the top-level ipsec-ike config item and is only visible in the web UI after selecting "Show all".
 
Here is an example rule set allowing inbound IPsec from the PPPoE interface to the FireBrick itself (target-interface="self"). IKE uses UDP ports 500 and 4500 (the latter for NAT traversal); ESP is IP protocol 50 and has no ports, so the ESP rule matches from any source address unless you add a source-ip restriction to it.
 
<syntaxhighlight lang="xml">
<rule-set name="IPsec" source-interface="pppoe" target-interface="self" no-match-action="continue" comment="Allow IPsec connections from PPP to the Brick">
  <rule name="IKENAT" target-port="500 4500" protocol="17" action="accept" comment="Internet Key Exchange (UDP 500) and IKE NAT traversal (UDP 4500) used by IPsec"/>
  <rule name="ESP from anywhere" protocol="50" action="accept" comment="Encapsulating Security Payload (IP protocol 50)"/>
</rule-set>
</syntaxhighlight>
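The following checker is an added example, not FireBrick code or part of the original page. It parses a rule set in the shape shown above (rule-set containing rule elements with target-port, protocol and action attributes, as on this page) and reports which of the rules IPsec needs are missing: UDP 500, UDP 4500 and IP protocol 50. The sample rule sets are constructed here; the assumptions that an omitted protocol or target-port attribute matches anything, and that a port range is written "lo-hi", are mine and should be checked against your firmware's documentation. Passing nat_traversal=True models a peer forced into NAT traversal (for example with force-NAT set), where ESP rides inside UDP 4500 and no separate protocol 50 rule is required.

```python
"""Check a FireBrick-style firewall rule set for the rules IPsec needs.

Added example, not FireBrick code. The XML shape (rule-set / rule with
target-port, protocol and action attributes) follows the page; the
matching semantics and sample rule sets are constructed for this example.
"""
import xml.etree.ElementTree as ET

UDP, ESP = 17, 50

# Constructed sample: the rule set shown on the page (comments dropped).
RULESET_OK = """<rule-set name="IPsec" source-interface="pppoe" target-interface="self" no-match-action="continue">
  <rule name="IKENAT" target-port="500 4500" protocol="17" action="accept"/>
  <rule name="ESP from anywhere" protocol="50" action="accept"/>
</rule-set>"""

# Constructed sample: a common mistake, UDP 500 only, no NAT-T port, no ESP.
RULESET_BAD = """<rule-set name="IPsec" source-interface="pppoe" target-interface="self" no-match-action="continue">
  <rule name="IKE" target-port="500" protocol="17" action="accept"/>
</rule-set>"""


def parse_ports(attr):
    """Expand a target-port attribute into a set of port numbers.

    Ports are space separated ("500 4500") as on the page; a "lo-hi" token is
    treated as an inclusive range (assumption, not taken from the page).
    """
    ports = set()
    for tok in (attr or "").split():
        if "-" in tok:
            lo, hi = tok.split("-", 1)
            ports.update(range(int(lo), int(hi) + 1))
        else:
            ports.add(int(tok))
    return ports


def rule_accepts(rule, proto, port=None):
    """True if this rule would accept traffic of the given protocol/port.

    Assumption: an attribute that is not set matches anything.
    """
    if rule.get("action") != "accept":
        return False
    if rule.get("protocol") is not None and int(rule.get("protocol")) != proto:
        return False
    tp = rule.get("target-port")
    if port is not None and tp is not None and port not in parse_ports(tp):
        return False
    return True


def check_ipsec_rules(xml_text, nat_traversal=False):
    """Return a list describing the IPsec rules the rule set lacks.

    An empty list means IKE (UDP 500/4500) and, unless the peer is forced
    into NAT traversal, ESP (IP protocol 50) are all accepted.
    """
    rules = ET.fromstring(xml_text).findall("rule")
    needed = [
        ("udp/500 (IKE)", UDP, 500),
        ("udp/4500 (IKE NAT-T)", UDP, 4500),
    ]
    if not nat_traversal:
        # With NAT traversal ESP is wrapped in UDP 4500, so protocol 50 is
        # not needed; otherwise raw ESP must be allowed through.
        needed.append(("ip proto 50 (ESP)", ESP, None))
    missing = []
    for label, proto, port in needed:
        if not any(rule_accepts(r, proto, port) for r in rules):
            missing.append(label)
    return missing


if __name__ == "__main__":
    for name, text in (("good", RULESET_OK), ("bad", RULESET_BAD)):
        print(name, "missing:", check_ipsec_rules(text) or "nothing")
```

Run it against a rule set copied out of the FireBrick config and it tells you which of the three permits is absent; for a peer that will always use NAT traversal, pass nat_traversal=True to stop it demanding the ESP rule.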
 
 
[[Category:FireBrick_IPsec|Firewall]]