Outbound Policy having no effect


#1

We have an offsite IPSec VPN that we access via client VPN setups on the desktop.

Historically, the VPN has been better behaved over one of our WAN connections and not the other. So, I setup an ‘enforced’ outbound policy rule to ALWAYS map 4500/500 over this WAN.

Today, I noticed that VPN was terribly slow over this link, and figured I’d try changing the two policies, to force 4500/500 over WAN2 instead.

After changing the rules and applying the changes, nothing I did seemed to have any effect.

Help?

-Nick


#2

Hello Nick,

It does sound like you have the idea enforcing UDP 4500 and UDP 500 over a certain WAN. If you are going to be doing it this way I would go go Network>Misc. Settings>Service Passthrough and disable IPSeC NAT-T as this is enabled by default. Then make your outbound policy rules. Also, I would recommend using the priority algorithm instead of enforced as it acts the same way but you will be able to failover the vpn traffic when the first link goes down. Also ensure that these rules are at the top of the outbound policy rules as the rules take precedence top to bottom (descending order).