we have just been testing our always on vpn connection which works great.
however we have noticed that some staff have had issues connecting, and we ran this command on the firewall
tail -f packetfilter.log | grep -i
to see what was happening it turns out that when connecting over a hotspot the source port was something like 30338 or just really high in the reserved port list.
so we have changed the NAT rule on Matching condition that the source port is 1:65535
which is also the same for the action
we also had to do this for the 4500 port as well
just unsure that this is ok and not a security risk.......
as when connecting via say my isp virgin, i can connect fine no issues and so can my colleagues, however he has created a test network at home and only modified his home isp router to allow ports above open and when he tested with his hotspot it worked fine
I can only assume its the difference within the NAT protocols
and that effectively i'm trying to force connections to come in on via the source port e.g. 500 and some providers don't like that ??
This thread was automatically locked due to age.