CSS and IPSec

Unanswered Question
Oct 18th, 2007

Not able to establish the IPSec remote access VPN from the inside zone of the firewall.

Connectivity:

Inside network is connected to the inside interface of the firewall.

Firewall outside interface is connected to the CSS

CSS is connected to ISP-1 and ISP-2

Please suggest, how to enable the NAT transparency is CSS to work the IPSec RA VPN ?

Is it possible?

Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Gilles Dufour Thu, 10/18/2007 - 04:48

the CSS does not support IPSEC or GRE and can't even route this traffic.

Gilles.

rhholmes Fri, 08/29/2008 - 06:18

Gilles,

To confirm your statement. Are you saying that an IPsec tunnel cannot be routed through the CSS even when it is only being routed and not part of any content rule / group / flow?

While I'm asking, is this true of the ACE products as well?

Thanks,

Rob

Gilles Dufour Mon, 09/01/2008 - 23:45

Rob,

that's correct. The CSS will reject protocol type that are not icmp,tcp or udp.

Even if not loadbalanced.

ACE does not have this limitation.

Gilles.

Actions

This Discussion