What firewall rules are needed to allow L2TP over IPSEC from Windows 11


All Replies

  • PeterUK
    PeterUK Posts: 3,326  Guru Member
    edited November 2023

    And the VPN is by WAN2?

    It's possible the photocopier you're pinging only allows from the subnet it's in, so test to a PC.

    But if the ping makes it and a reply happens, then it should go back to the VPN tunnel.

    If you have "Use Policy Route to control dynamic IPSec rules" checked, uncheck it.

  • VPN_Newbie
    VPN_Newbie Posts: 14  Freshman Member

    Earlier you said to disable SNAT on the policy which I did. With the firewall still down, I re-enabled it, and now I have full traffic across the VPN, directory browsing, and pinging the photocopier. It looks like SNAT is needed for the VPN?

  • PeterUK
    PeterUK Posts: 3,326  Guru Member

    The SNAT will make your traffic come from 192.168.0.254 from the VPN instead of the VPN IP range, so if you're happy with that.

    It is odd that you can't ping with SNAT none, as the device will see it's from 192.168.50.1 and use gateway 192.168.0.254 to send it back.
