I have an L2TP/IPsec VPN server set up in my TRUST zone. I have created a MIP and a policy for L2TP/IPsec traffic.
- Clients can connect via L2TP/IPsec if they are inside the TRUST zone, so I know the VPN server configuration is OK.
- Clients can connect to the VPN server's MIP using PPTP, so I know the MIP configuration is OK.
- Clients can NOT connect via L2TP/IPsec if they try to connect to the MIP. It looks like the connection times out.
- A policy exists to allow UNTRUST -> TRUST traffic to the VPN server's MIP for: UDP 1701, UDP 500, UDP 4500, IP protocol 50, IP protocol 51.
- TRUST LAN interface on SSG 140 is set to 'NAT' mode.
- UNTRUST WAN interface on SSG 140 is set to 'route' mode.
What am I doing wrong here? I know that NAT breaks IPsec, but I thought a MIP would resolve that.