In addition to the above rules, Remote User tunnels need extra rules. These extra rules are for
the QOTD (Quote of the Day) server, the Password server and the ICMP that the IPSec client issues.
Table 229, Table 230 and Table 231 show the rules required.

Table 229 Firewall rules for the QOTD server
  Protocol: TCP
  Source IP: IP address of the client tunnel (this may be the IP address pool range or the fixed IP address assigned to the tunnel)
  Source Mask: 255.255.255.255
  Destination IP: The IP address of the Private network that the client IP address comes from (for example, if the Client tunnel IP address is 10.10.10.20 and the Private interface IP address is 10.10.10.1, then the destination IP is 10.10.10.1)
  Destination Mask: 255.255.255.255
  Destination Port: 17

Table 230 Firewall filter for the Password server
  Protocol: TCP
  Source IP: IP address of the client tunnel (this may be the IP address pool range or the fixed IP address assigned to the tunnel)
  Source Mask: 255.255.255.255
  Destination IP: The IP address of the Private network that the client IP address comes from (for example, if the Client tunnel IP address is 10.10.10.20 and the Private interface IP address is 10.10.10.1, then the destination IP is 10.10.10.1)
  Destination Mask: 255.255.255.255
  Destination Port: 586

Table 231 Firewall filter for the ICMP that the Client sends to the tunnel endpoint
  Protocol: ICMP
  Source IP: Client PC IP address
  Source Mask: 255.255.255.255
  Destination IP: Remote Endpoint address
  Destination Mask: 255.255.255.255

Table 232 Firewall filter for Private Network
  Protocol: IP
  Source IP: Private Network IP address
  Source Mask: Private Network Subnet mask
  Source Port: All
  Destination IP: Private Network IP address
  Destination Mask: Private Network Subnet mask
  Destination Port: All
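As an added example (not from the guide), the following Python models the four rule tables above as host/network matches and checks sample packets against them, so an administrator can confirm that only the listed traffic is permitted. The private network 10.10.10.0/24, the client PC address 203.0.113.5 and the remote endpoint 192.0.2.1 are assumed values; the tunnel and Private interface addresses are the guide's own examples.

```python
# Added example: models the Remote User tunnel rules of Tables 229-232.
# Addresses other than 10.10.10.20 / 10.10.10.1 are assumed for illustration.
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    name: str
    proto: str                    # "tcp", "icmp", or "ip" (any protocol)
    src: ipaddress.IPv4Network    # a /32 models a 255.255.255.255 mask
    dst: ipaddress.IPv4Network
    dport: Optional[int]          # None models "All" ports

    def matches(self, proto: str, src_ip: str, dst_ip: str,
                dport: Optional[int] = None) -> bool:
        if self.proto != "ip" and self.proto != proto:
            return False
        if ipaddress.IPv4Address(src_ip) not in self.src:
            return False
        if ipaddress.IPv4Address(dst_ip) not in self.dst:
            return False
        return self.dport is None or self.dport == dport


def remote_user_rules(client_tunnel_ip: str, private_if_ip: str, private_net: str,
                      client_pc_ip: str, remote_endpoint: str) -> List[Rule]:
    """Build the four rules in table order; the host-specific rules come first."""
    host = lambda ip: ipaddress.IPv4Network(f"{ip}/32")
    net = ipaddress.IPv4Network(private_net)
    return [
        Rule("Table 229 QOTD", "tcp", host(client_tunnel_ip), host(private_if_ip), 17),
        Rule("Table 230 Password server", "tcp", host(client_tunnel_ip), host(private_if_ip), 586),
        Rule("Table 231 ICMP to endpoint", "icmp", host(client_pc_ip), host(remote_endpoint), None),
        Rule("Table 232 Private network", "ip", net, net, None),
    ]


def first_match(rules: List[Rule], proto: str, src_ip: str, dst_ip: str,
                dport: Optional[int] = None) -> Optional[str]:
    """Return the name of the first rule permitting the packet, or None if no rule does."""
    for rule in rules:
        if rule.matches(proto, src_ip, dst_ip, dport):
            return rule.name
    return None


# Constructed sample configuration for the checks below.
RULES = remote_user_rules("10.10.10.20", "10.10.10.1", "10.10.10.0/24",
                          "203.0.113.5", "192.0.2.1")
```

Because the client tunnel address is drawn from the Private network, a tunnel-to-interface packet on any other port still matches the Table 232 rule; a non-tunnel source or a different endpoint matches nothing.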
IPSec
Programming Operations Guide
771