Outbound Policy rules ignored for VPN using UDP ports 500 & 4500


#1

I have a number of mobile devices that use UDP ports 500 & 4500 to connect to a VPN over WiFi to the router. Despite highest-priority Outbound Policy overflow rules to direct this traffic to other WANs, the VPNs always seem to favor WAN 1 (and WAN 2 if WAN 1 is unavailable), as shown on the Active Sessions page.

I have two rules for UDP traffic for ports 500 & 4500, and a backup rule to catch all outbound traffic to the destination IP network that the VPN operates on.

Peplink One with firmware 7.0.0 (but it behaved the same on prior firmware versions).

Any reason the rules would be ignored?


#2

Please go to Network > Service Passthrough, then refer to the setting below:

If you prefer using Outbound Policy, please disable the IPSec NAT-T.

Hope this helps.


#3

Thank you. I didn’t realize passthrough would bypass the Outbound Policy rules. I do now have port 500 and port 4500 sometimes on separate WANs simultaneously for a given VPN, but that doesn’t seem to affect the VPN service.
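As an added example (not from the original posts or from Peplink), the following Python checker reads a list of active-session records and reports, per VPN client and peer, which WAN carries the IKE flow (UDP 500) and which carries the NAT-T flow (UDP 4500), flagging pairs that are split across WANs or that egress on a WAN outside the intended set. The "proto src dst wan" record layout and the session values are constructed for this example; a real export would need its own parser.

```python
"""Audit which WAN carries the IKE (UDP 500) and IPsec NAT-T (UDP 4500)
flows of each VPN peer, from a list of active-session records.

The record layout and the sample data below are constructed for this
example; they are not a Peplink export format.
"""
from collections import defaultdict

IKE_PORT = 500     # IKE negotiation
NAT_T_PORT = 4500  # IPsec NAT traversal (ESP in UDP)

# Constructed sample records: "<proto> <src ip:port> <dst ip:port> <wan>"
SAMPLE_SESSIONS = """\
UDP 192.168.50.10:500 203.0.113.5:500 WAN1
UDP 192.168.50.10:4500 203.0.113.5:4500 WAN3
UDP 192.168.50.11:500 203.0.113.5:500 WAN3
UDP 192.168.50.11:4500 203.0.113.5:4500 WAN3
TCP 192.168.50.12:51234 198.51.100.7:443 WAN1
"""


def parse_sessions(text):
    """Parse the constructed record layout into a list of dicts."""
    sessions = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        proto, src, dst, wan = parts
        src_ip, _ = src.rsplit(":", 1)
        dst_ip, dst_port = dst.rsplit(":", 1)
        sessions.append({
            "proto": proto.upper(),
            "src_ip": src_ip,
            "dst_ip": dst_ip,
            "dst_port": int(dst_port),
            "wan": wan,
        })
    return sessions


def vpn_flows(sessions):
    """Keep only the UDP flows that belong to IKE / NAT-T."""
    return [s for s in sessions
            if s["proto"] == "UDP" and s["dst_port"] in (IKE_PORT, NAT_T_PORT)]


def audit(sessions, intended_wans=frozenset()):
    """Group VPN flows by (client, peer) and report the WAN each port uses.

    'split' is True when IKE and NAT-T for the same client/peer pair are
    on different WANs; 'off_policy' is True when any of them uses a WAN
    outside intended_wans (the set the Outbound Policy rule targets).
    """
    by_pair = defaultdict(dict)
    for s in vpn_flows(sessions):
        by_pair[(s["src_ip"], s["dst_ip"])][s["dst_port"]] = s["wan"]

    findings = []
    for (client, peer), ports in sorted(by_pair.items()):
        ike_wan = ports.get(IKE_PORT)
        nat_t_wan = ports.get(NAT_T_PORT)
        used = {w for w in (ike_wan, nat_t_wan) if w is not None}
        findings.append({
            "client": client,
            "peer": peer,
            "ike_wan": ike_wan,
            "nat_t_wan": nat_t_wan,
            "split": ike_wan is not None and nat_t_wan is not None
                     and ike_wan != nat_t_wan,
            "off_policy": bool(intended_wans) and not used <= set(intended_wans),
        })
    return findings


if __name__ == "__main__":
    # Assume the Outbound Policy rule was meant to send VPN traffic via WAN3.
    for f in audit(parse_sessions(SAMPLE_SESSIONS), {"WAN3"}):
        print(f)
```

Run it against a session listing exported in the same layout; a pair marked `split` matches the situation described in the last post (port 500 and port 4500 on separate WANs), and `off_policy` shows which pairs are still not following the intended rule, which is the symptom that the NAT-T passthrough setting explains.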