Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Always on VPN

Hello All,

 

I apologise if I have missed a specific format or information. I didn't see any specific sets of rules or required information.

 

Has anyone had success with MS Always on VPN in lieu of the in-built XG options? This is on an XG 230. I have been asked to implement this solution for my company and have the two ports for IKEv2 set along with a rule for protocol 50 just in case after much anguish. 

 

It works in the network and a port scan shows 500 and 4500 having the correct services on an open port. I setup some DNAT rules very limited. Basically just masquerading and the services for proto 50, ports 500 and 4500, also currently a reflexive rule as to be honest I'm running out of ideas. The rest of it is fairly unrestricted as I test. Any zone allowed etc. 

 

Any feedback would be greatly appreciated.

 



This thread was automatically locked due to age.