I ran into an issue with VPN clients not having access to the internet when connected. We are not using the split-tunnel configuration, so internet access was via the MX device.
To fix the issue, I found that I needed to disable two outbound firewall rules that I had created to prevent proxy VPN activity from bypassing our content filters.
In one rule I denied outbound TCP 1723, and in another rule I denied outbound UDP 500, 1701, 4500.
Keeping in mind these are outbound rules and that client VPN connections are created inbound only, it seems to me this would lean towards being a bug-type of situation. I wouldn't expect the firewall rules to apply to inbound VPN traffic until after it has left the tunnel and is actually being sent out to the internet, at which point the VPN protocols are no longer in play.
Anyone have any thoughts or ideas on this setup?
Zane D - IT Manager in Sin City NV