[ASK] default configuration

I just reset my router to default, and I have seen this one. I need an explanation of the part highlighted in yellow:
ipsec.PNG

That yellow-marked text will limit your SRC-NAT to match (and translate) only non-IPsec outgoing traffic. There is no reason to do SRC-NAT on IPsec-processed packets, as they will likely have the IP of the router itself.

The actual reason for this rule is that packets that should match an IPsec policy must not be masqueraded. Masquerade will change the source address, and the packets will fail to match against the IPsec policy.

That is a much better explanation. Thanks mrz.
I've got L2TP-IPsec between two locations and I'm having L2TP-IPsec disconnections (one time per week) for an unknown reason; maybe it will help to solve this issue?

L2TP/IPsec shouldn't be affected, because in this case IPsec uses transport mode and the source address is the router's WAN address, so masquerade is actually not doing anything.
Problems must be somewhere else.
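The two explanations above (masquerade breaking the policy match in tunnel mode, and having no effect on transport-mode L2TP/IPsec) can be checked with a small model. This is an added example, not part of any post in the thread; it is a simplified model rather than RouterOS code, and all addresses and names (`egress`, `Policy`, `nat_skips_ipsec`) are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace

# Constructed sample addressing (documentation ranges, not from the thread).
WAN_IP, PEER_WAN = "203.0.113.10", "198.51.100.20"
LAN, REMOTE_LAN = "192.168.88.0/24", "10.20.0.0/24"

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

@dataclass(frozen=True)
class Policy:
    """IPsec policy selectors: traffic from src_net to dst_net must be protected."""
    src_net: str
    dst_net: str

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst_net))

def ipsec_match(policies, p):
    return any(pol.matches(p) for pol in policies)

def egress(p, policies, nat_skips_ipsec):
    """Assumed simplified order: src-NAT first, then the IPsec policy lookup
    on the packet as it looks after NAT. nat_skips_ipsec models the matcher
    that restricts masquerade to traffic no IPsec policy applies to.
    Returns (packet_after_nat, will_be_encrypted)."""
    if not (nat_skips_ipsec and ipsec_match(policies, p)):
        p = replace(p, src=WAN_IP)          # masquerade rewrites the source
    return p, ipsec_match(policies, p)

# Tunnel mode: selectors are the two LANs.
TUNNEL = [Policy(LAN, REMOTE_LAN)]
# Transport mode (L2TP/IPsec): selectors are the two WAN addresses.
TRANSPORT = [Policy(WAN_IP + "/32", PEER_WAN + "/32")]

if __name__ == "__main__":
    lan_pkt = Packet("192.168.88.5", "10.20.0.7")
    l2tp_pkt = Packet(WAN_IP, PEER_WAN)     # originated by the router itself
    for name, pkt, pols in (("tunnel", lan_pkt, TUNNEL),
                            ("transport", l2tp_pkt, TRANSPORT)):
        for skip in (False, True):
            out, enc = egress(pkt, pols, skip)
            print(f"{name:9} matcher={skip!s:5} src={out.src:14} encrypted={enc}")
```
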

@nichky The best thing would be to check your detailed logs from both server and client. Your “unknown” reason will be written there. It is highly possible that you don’t have such logging enabled, so you will need to add logging actions for topics “ipsec” and “l2tp” (one action for each topic), and once your disconnection happens, check what it says.

Have a look:

viewtopic.php?f=2&t=139945

@vecernik87 That is the new update:
ipsec-issues.PNG