Connecting to IPsec endpoints from behind a NetWall firewall

Last modified on 5 Apr, 2023. Revision 11
This article describes how to connect to an IPsec endpoint from behind a NetWall firewall (for example, a client on the protected LAN network connecting to the Wan_ip on the WAN (ISP) network).
Up to date for: cOS Core 14.00.06
Supported since: cOS Core 11.x
Status: OK
Author: Peter Nilsson

Problem

I want to configure a roaming IPsec client/server setup where I can connect to the firewall VPN server from the Internet but also from inside/behind the firewall. But when I try to connect with the client from the inside, nothing happens; the firewall does not reply at all.

Solution

The firewall behaves this way because the IPsec engine expects the interface on which the request was received to also be the sending interface. But if you connect to, for example, the WAN interface from the LAN interface, it is LAN that will be the sending interface towards the client.

The solution to this problem is straightforward. Configure the Local Endpoint setting on the IPsec tunnel to be the IP address of the external interface, as shown in the screenshot below:


Now, the IPsec engine and cOS Core will know which IP address it should use as the sender IP even if the sender interface is the internal LAN interface.

Note: In older cOS Core versions where the Local Endpoint setting does not exist, the solution is to set the same IP address on both the WAN and LAN interfaces.


