Do these protocols need to be "enabled" whether IPSec over UDP or IPSec over TCP are used behind a PAT/NAT device or is it ONLY when they don't have any translation occuring at all like a cable modem or something? Also when you're on a cable modem or something like that how can you really tell if your ISP is blocking these protocols?
It seems we've been getting away with ignoring 50 and 51, but are running into issues were the IPSec SA will timeout when it never should be at all. I wonder if this is why.
If you're doing IPSec over UDP/TCP then you shouldn't see these protocols, as they'll be inside a UDP/TCP packet.
If you're not doing UDP/TCP encapsulation, you should still be able to build a tunnel to whatever it is you're connecting to, cause this is all done with ISAKMP (UDP 500). If these are being blocked by your ISP, you then won't be able to ping or transfer any data over that tunnel, cause this is all done with protocol 50 and 51 packets. Of course, these are also not handled by a lot of PAT devices, so it may not be that your ISP is blocking it, but rather you're being PAT'd somewhere and this device is dropping them. If you have a valid global IP address though, you probably aren't being PAT'd.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...