16.3.4. Procedure – Forwarding IPSec traffic on the packet level

If Zorp does not need to terminate IPSec traffic, only to forward it, create packet filtering rules for the Encapsulating Security Payload (ESP, protocol number 50) and Authentication Header (AH, protocol number 51) protocols. Complete the following steps:

  1. Select the Packet filter ZMC component from the configuration tree, and click on the Ruleset tab.

  2. In the Hierarchy column, open the filter table, and select the FORWARD chain.

  3. Click New Child, enter 50 into the Protocol field, and click OK. Optionally, also specify the source and destination interfaces.

  4. Select the FORWARD chain, click New Child, enter 51 into the Protocol field, and click OK.

  5. Click Generate ruleset.

  6. Commit and upload the configuration changes and reload the Packet filter component.
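
One way to confirm the result after the reload, as an added example that is not part of the Zorp documentation: the script below checks a ruleset dump for ESP and AH rules in the FORWARD chain of the filter table. It assumes the loaded ruleset can be inspected in iptables-save format; the sample dumps, the ACCEPT target and the interface names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not ZMC output. Sample rules below are constructed; the
# ACCEPT target and the eth0/eth1 interface names are assumptions.
# forward_has_proto NUMBER NAME  (reads an iptables-save dump on stdin)
# Succeeds if the filter table's FORWARD chain has a non-negated rule
# matching the protocol, written either as a number or as a name.
forward_has_proto() {
    awk -v num="$1" -v name="$2" '
        /^\*/ { table = substr($0, 2) }   # table header: *filter, *nat, ...
        table == "filter" && $1 == "-A" && $2 == "FORWARD" {
            for (i = 3; i < NF; i++)
                if (($i == "-p" || $i == "--protocol") && $(i-1) != "!" &&
                    ($(i+1) == num || $(i+1) == name))
                    found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# check_ipsec_forwarding  (reads an iptables-save dump on stdin)
# Reports which of ESP (50) and AH (51) lack a FORWARD rule.
check_ipsec_forwarding() {
    dump=$(cat)
    missing=""
    printf '%s\n' "$dump" | forward_has_proto 50 esp || missing="$missing esp(50)"
    printf '%s\n' "$dump" | forward_has_proto 51 ah  || missing="$missing ah(51)"
    if [ -n "$missing" ]; then
        echo "no FORWARD rule for:$missing"
        return 1
    fi
    echo "FORWARD rules found for esp(50) and ah(51)"
}

# Constructed dump: both rules in FORWARD, as the procedure produces.
SAMPLE_OK='*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -o eth1 -p esp -j ACCEPT
-A FORWARD -p 51 -j ACCEPT
COMMIT'

# Constructed dump: the AH rule was added to INPUT instead of FORWARD.
SAMPLE_WRONG_CHAIN='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -p ah -j ACCEPT
-A FORWARD -p esp -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_OK" | check_ipsec_forwarding
printf '%s\n' "$SAMPLE_WRONG_CHAIN" | check_ipsec_forwarding || true
```

On a live host, pipe the output of `iptables-save` into `check_ipsec_forwarding` instead of the sample dumps.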