We are configuring an MX-250 as a VPN Concentrator. It will handle client VPN connections and authenticate against a RADIUS server. It is set up with port forwarding from our primary MX-250. However, we are seeing blocks from our internal firewall rules. For example, I get a TCP block on the source IP of 204.79.197.200 and source port of 443, with a target IP of 10.1.250.192 and target port of 61702. It looks like the blocks are somehow reversed. The VPN client is at 10.1.250.192 and is trying to create a 443 connection to 204.79.197.200, but I get a block in the opposite direction. Another example: According to our firewall, Google at 8.8.8.8 is trying to hit our VPN client for a DNS lookup on UDP port 53. It is backwards! Any ideas would be welcome. When we finally find the problem, I will post the answer. Thank you.