I guess the idea is that when you set up an IPSec tunnel, you want to allow tunneled traffic, and that’s what the default firewall does. If it was my choice, I’d let users add the required rules manually, which would force them to think about it (what exactly they want to allow, because it’s not necessarily everything, and they’d be aware that they did something). But if it’s there by default, it does nothing until you actually add some IPSec tunnel, and it probably limits support requests, because many people would forget to manually allow tunneled traffic.
Hi Sob,
I have a problem connecting my phone to my L2TP IPsec server on my MikroTik. The phone can connect to the server but I cannot get the internet working and cannot access my private LAN. Please help. Here is my thread:
http://forum.mikrotik.com/t/l2tp-ipsec-server-for-remote-clients-can-connect-but-no-internet-cannot-access-local-lan/137705/1