The path of an 'output' packet is:
- postrouting
\-- src-nat
- ipsec encryption
I'm making a lab: IPSec transport mode, an IPSec policy and an L2TP client.
I just added some simple passthrough rules:
/ip firewall nat
add action=passthrough chain=srcnat log=yes log-prefix="SRC-NAT for OUTPUT connection" port=1701 protocol=udp to-addresses=192.0.2.1
add action=passthrough chain=srcnat ipsec-policy=out,ipsec log=yes log-prefix="SRC-NAT for OUTPUT connection with IPSec OUT on" port=1701 protocol=udp to-addresses=192.0.2.1
add action=passthrough chain=srcnat ipsec-policy=out,none log=yes log-prefix="SRC-NAT for OUTPUT connection with IPSec OUT off" port=1701 protocol=udp to-addresses=192.0.2.1
I.e. the "SRC-NAT" block in "Postrouting" does not work for an unencrypted "Output" packet?
CCR1016-12G
v6.46.1