bridge using ip firewall and IPsec problem

Hi,
I’m trying to run QoS on our network and I have a problem with IPsec. When I turn on options “use IP firewall” and “use IP firewall for VLAN” on a bridge, nobody is able to make an IPsec tunnel through this bridge. I’m not using any filter rules, just mangle rules to mangle packets for queue tree. Most of the traffic is closed in VLANs.
Do you have any ideas how to make IPsec work through a bridged unit with IP firewall over that bridge?

Thanks

Be sure GRE protocol (47) and TCP port 1723 are not filtered.

These were not blocked… I still do not know the answer. I had to turn off “use ip firewall” on the bridge and I am looking for other ways to prioritize traffic, but thanks for the reply.

I am having the same problem. I am trying to do queues on IP address on the bridge. I need “use ip firewall” to be checked in order to see the address. As soon as I turn it on, random traffic starts to drop: some pings drop, other VLAN traffic drops, it's just random.

I added rules in the firewall saying 0.0.0.0/0 to 0.0.0.0/0 accept but it still continues to drop. Not sure what is causing this.

Anyone else having issues with this?

How else can I do rate limiting? I know I can rate limit under ip/interface, but this does not allow me to do over a 10M rate limit.