Applicable Version: 10.00 onwards

 

Scenario

 

Cyberoam should bypass the IPSec VPN traffic between Site A and Site B, in other words, between Router A and Firewall B. The network schema is as given below.

 

 

 

 

Configuration

Cyberoam can bypass IPSec VPN traffic if it has its UDP ports 500 and 4500 open both from WAN and LAN sides. To open the ports, follow the steps given below. The configuration is to be done from Web Admin Console using Administrator profile. 

Step 1: Create Virtual Host for UDP port 500

Go to Firewall à Virtual Host à Virtual Host and click Add to create a new virtual host according to parameters given below.

 

 

 

 

Parameter Description

Parameter	Value	Description
Name	UDP_Port_500	Name to identify the Virtual Host.
External IP	#PortC – 10.10.1.1	External IP address is the IP address through which Internet users access internal server/host.
Mapped IP	172.16.16.20	Mapped IP address is the IP address of the internal server/host.
Physical Zone	LAN	LAN, WAN, DMZ, VPN or custom zone of the mapped IP addresses. For example, if mapped IP address represents any internal server then the zone in which server resides physically.
Port Forwarding
Enable Port Forwarding	Enabled	Click to enable service port forwarding.
Protocol	UDP	Select the protocol TCP or UDP that you want the forwarded packets to use.
Port Type	Port	Click to specify whether port mapping should be single or range of ports.
External Port	500	Specify public port number for which you want to configure port forwarding.
Mapped Port	500	Specify mapped port number on the destination network to which the public port number is mapped.

Step 2: Add Firewall Rule

Enable Add Firewall Rule(s) For Virtual Host and specify parameters shown in the screen as required. Click Add Rule(s) to add the firewall rule. The above firewall rule forwards all traffic from port 500 on WAN side to port 500 on the LAN side.

Step 3: Create Virtual Host for UDP port 4500

Step 4: Add Firewall Rule

Note: