I have a VPN server on my LAN. With my previous router (Untangle), I had a port forward rule for the following:
tcp AND udp 500,1701,4500,1723
Worked fine. But on the Barracuda X300, no matter what I try, I cannot connect to the VPN server, even if I forward any/all ports and protocols. The traffic never makes it to the server (using tcpdump to watch). On the client end, I get:
listening on en0, link-type EN10MB (Ethernet), capture size 65535 bytes
14:45:32.661442 IP [clientip].500 > [serverip].500: isakmp: phase 1 I ident
14:45:32.705251 IP [serverip].500 > [clientip].500: isakmp: phase 1 R inf
14:45:35.705894 IP [clientip].500 > [serverip].500: isakmp: phase 1 I ident
14:45:35.744256 IP [serverip].500 > [clientip].500: isakmp: phase 1 R inf
14:45:38.744863 IP [clientip].500 > [serverip].500: isakmp: phase 1 I ident
14:45:38.784516 IP [serverip].500 > [clientip].500: isakmp: phase 1 R inf
Then it times out ("server not responding"). Again, the server itself never sees the traffic, nor does the Barracuda show anything from my real source IP in the firewall log. Other, non-VPN stuff on the same server (e.g. ssh, https) works fine.
I've tried every combination I can think of re: Connection settings on the rule itself (default SNAT, No SNAT, a connection object with an explicit NAT type + an outbound rule to force replies to come from the same IP, etc.). Nada.
I am aware that the Barracuda product offers VPN services of its own, but I really need to get the old one working again until I can update my scattered clients.
Thanks in advance for any advice or ideas. It doesn't look like I can attach screenshots to posts here, but I can upload and link to them if need be.