Add firewall rules that allow IKE and ESP in the local direction.

```
set firewall name WAN_LOCAL rule 30 action accept
set firewall name WAN_LOCAL rule 30 description ike
set firewall name WAN_LOCAL rule 30 destination port 500
set firewall name WAN_LOCAL rule 30 log disable
set firewall name WAN_LOCAL rule 30 protocol udp
set firewall name WAN_LOCAL rule 40 action accept
set firewall name WAN_LOCAL rule 40 description esp
set firewall name WAN_LOCAL rule 40 log disable
set firewall name WAN_LOCAL rule 40 protocol esp
set firewall name WAN_LOCAL rule 50 action accept
set firewall name WAN_LOCAL rule 50 description nat-t
set firewall name WAN_LOCAL rule 50 destination port 4500
set firewall name WAN_LOCAL rule 50 log disable
set firewall name WAN_LOCAL rule 50 protocol udp
```

Add firewall rules that allow IPsec traffic between the remote and local subnets in the inbound and local directions.

```
set firewall name WAN_LOCAL rule 60 action accept
set firewall name WAN_LOCAL rule 60 description ipsec
set firewall name WAN_LOCAL rule 60 destination address 192.168.1.0/24
set firewall name WAN_LOCAL rule 60 source address 172.16.1.0/24
set firewall name WAN_LOCAL rule 60 log disable
set firewall name WAN_LOCAL rule 60 ipsec match-ipsec
set firewall name WAN_IN rule 30 action accept
set firewall name WAN_IN rule 30 description ipsec
set firewall name WAN_IN rule 30 destination address 192.168.1.0/24
set firewall name WAN_IN rule 30 source address 172.16.1.0/24
set firewall name WAN_IN rule 30 log disable
set firewall name WAN_IN rule 30 ipsec match-ipsec
```

Prevent the traffic between the remote and local subnets from being translated by NAT. The `exclude` flag makes the rule exempt matching traffic instead of masquerading it.

```
set service nat rule 5000 description ipsec-exclude
set service nat rule 5000 destination address 172.16.1.0/24
set service nat rule 5000 exclude
set service nat rule 5000 outbound-interface eth0
set service nat rule 5000 type masquerade
```

You can verify these firewall and NAT rules by running the following commands on both routers:

```
sudo iptables -L -v -n
```

```
Chain UBNT_VPN_IPSEC_FW_HOOK (1 references)
```
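As a complement to reading the `iptables` listing, the configuration itself can be checked offline. The following is an added example, not part of the original guide: a small Python audit over configuration text in the `set` form used above. The function names, the finding strings and the deliberately weakened sample are assumptions made for illustration.

```python
import re

# "set firewall name <SET> rule <N> ..." or "set service nat rule <N> ..."
RULE_RE = re.compile(
    r"^set\s+(?:firewall\s+name\s+(\S+)|service\s+(nat))\s+rule\s+(\d+)\s+(.+)$", re.I)

def parse_rules(config):
    """Return {(ruleset, number): {attribute: value}}; bare flags map to True."""
    rules = {}
    for line in config.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            words = m.group(4).split()
            key, val = (" ".join(words[:-1]), words[-1]) if len(words) > 1 else (words[0], True)
            rules.setdefault(((m.group(1) or m.group(2)).upper(), int(m.group(3))), {})[key] = val
    return rules

def audit(config, remote_subnet):
    """Return a list of findings; an empty list means the checks passed."""
    rules, findings = parse_rules(config), []
    local = [r for (rs, _), r in rules.items() if rs == "WAN_LOCAL" and r.get("action") == "accept"]
    for name, proto, port in (("ike", "udp", "500"), ("nat-t", "udp", "4500"), ("esp", "esp", None)):
        if not any(r.get("protocol") == proto and r.get("destination port") == port for r in local):
            findings.append("WAN_LOCAL: no accept rule for " + name)
    for (rs, num), r in sorted(rules.items()):
        from_remote = r.get("source address") == remote_subnet
        if rs == "NAT":
            # Without 'exclude' a masquerade rule translates tunnel traffic.
            if r.get("destination address") == remote_subnet and "exclude" not in r:
                findings.append("NAT rule %d: no 'exclude', tunnel traffic is translated" % num)
        elif r.get("action") == "accept" and from_remote and r.get("ipsec") != "match-ipsec":
            # Cleartext packets with a spoofed remote-subnet source would pass.
            findings.append("%s rule %d: accepts remote subnet without match-ipsec" % (rs, num))
    return findings

# Constructed sample, deliberately weakened: no NAT-T rule, no match-ipsec, no exclude.
SAMPLE = """\
set firewall name WAN_LOCAL rule 30 action accept
set firewall name WAN_LOCAL rule 30 destination port 500
set firewall name WAN_LOCAL rule 30 protocol udp
set firewall name WAN_LOCAL rule 40 action accept
set firewall name WAN_LOCAL rule 40 protocol esp
set firewall name WAN_IN rule 30 action accept
set firewall name WAN_IN rule 30 source address 172.16.1.0/24
set service nat rule 5000 destination address 172.16.1.0/24
set service nat rule 5000 type masquerade
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, "172.16.1.0/24")))
```

Run it on each router's configuration with the other side's subnet as `remote_subnet`; the rule set shown in this guide produces no findings.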