Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
ISAKMP and Outbound NAT Rules.
« previous
next »
Print
Pages: [
1
]
Author
Topic: ISAKMP and Outbound NAT Rules. (Read 5105 times)
brim2full
Newbie
Posts: 11
Karma: 0
ISAKMP and Outbound NAT Rules.
«
on:
May 15, 2020, 02:58:04 pm »
I was digging around my firewall rules today trying to check why I'm having a problem with OpenVPN, unrelated. I noted two autoconfigured NAT outbound rules both include IP address ranges associated with lan, localhost and my OpenVPN.
Interface Src. Networks Port Dest.
Networks Port NAT Address Port Static Port Description
WAN LAN networks, * * 500 WAN * YES Auto created rule for ISAKMP
127.0.0.0/8,
op.en.vpn.0/24
WAN LAN networks, * * * WAN * NO Auto created rule
127.0.0.0/8,
op.en.vpn.0/24
What immediately caught my eye though was
Auto created rule for ISAKMP
. Not being the most experienced in these things and not recognising ISAKMP I googled the interweb. It appears ISAKAMP is strongly associated with IPSEC and CISCO neither of which I am using. So why does this rule exsist? Also, if my understanding of the outbound rules are correct, I'm wonder if the rule is actually required. Would it not be covered by the second rule, (
Auto created rule
)?
It might also be sensible to query my reading of these rules and that would be:
map source addresses:ports (the source networks listed) leaving the WAN interface to destination addresses:ports.
If that is wrong then please educate me.
Regards all and keep safe.
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: ISAKMP and Outbound NAT Rules.
«
Reply #1 on:
May 15, 2020, 03:01:00 pm »
This rules is created since you have automatic nat or hybrid nat enabled.
It will NAT outbound connections from LAN to WAN with the WAN IP. Everything fine until here?
If an internal client wants to use a VPN client to outside world, this mostly only works when you have static port mapping (again, direction only LAN to WAN). So OPNsense adds this too to minimize your troubleshooting if something doesn't work.
Usually you also want this for SIP/RTP
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
brim2full
Newbie
Posts: 11
Karma: 0
Re: ISAKMP and Outbound NAT Rules.
«
Reply #2 on:
May 15, 2020, 03:30:59 pm »
Thanks mimugmail your reply was insightful and raises specific OpenVPN question not related to this post so I'll give it some thought and maybe post a different question.
Mean while back to this ranch.... does OpenVPN use the ISAKMP protocol?
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
ISAKMP and Outbound NAT Rules.