I have a client MT gw in my network (10.100.4.171) with activated L2TP server. When I tried connect from my network 10.100.0.0/16 connection was made succesfully.
But I`d like to connect via main GW with public static IP.
I forwarded udp 500 and 4500.
3 ;;; VPN repack
chain=dstnat action=dst-nat to-addresses=10.100.4.171 to-ports=4500
protocol=udp dst-address=public_IP dst-port=4500 log=no
log-prefix=“”14 ;;; VPN repack
chain=dstnat action=dst-nat to-addresses=10.100.4.171 to-ports=500
protocol=udp dst-address=public_IP dst-port=500 log=no
log-prefix=“”
I can see incoming packets in 10.100.4.171 but connection failed.
4:22:20 ipsec,info respond new phase 1 (Identity Protection): 10.100.4.171[500]<=>85.237.234.6[3697]
14:22:21 ipsec,info ISAKMP-SA established 10.100.4.171[4500]-85.237.234.6[7045] spi:ff076a170ab61237:42c2af4843ec15df
14:22:57 ipsec,info purging ISAKMP-SA 10.100.4.171[4500]<=>85.237.234.6[7045] spi=ff076a170ab61237:42c2af4843ec15df.
14:22:57 ipsec,info ISAKMP-SA deleted 10.100.4.171[4500]-85.237.234.6[7045] spi:ff076a170ab61237:42c2af4843ec15df rekey:1
Something wrong with GRE?
I have no idea where can be a problem because I never forwarded L2TP before.
This is routing case because GW(MT)-----router(MT)-----AP(MT)-----10.100.4.171(MT) but I have no drop rules in the firewalls in the routing trace.
Any idea?