I'm having trouble with the Firewall on a 2860 which doesn't seem to be working as expected. I'm trying to configure it to allow internal PCs access to a remote L2TP VPN.

With the Firewall default rule set to "Pass" all works perfectly.

However, when the rule is set to "Block" the VPN clients can't connect to the remote server.

I have two Firewall rules but neither seems to allow the VPN clients to connect...

LAN/DMZ/RT/VPN -> WAN "Internal PCs" Any Any Pass Immediately
LAN/DMZ/RT/VPN -> LAN/DMZ/RT/VPN "Internal PCs" Any Any Pass Immediately

Am I missing something? The two Firewall rules above should be enough but the 2860 is still blocking the connection. The firmware version is 3.8.4.5_BT if it helps.

I have found a workaround for this issue.

As I couldn't get the "Block" default rule to work as expected I changed it to "Pass" and created any any "Block Immediately" rules at the end of the filter set.