Forward Chain
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 192.168.0.2 anywhere tcp dpt:smtp
DROP tcp -- 192.168.0.0/24 anywhere tcp dpt:smtp
ACCEPT esp -- anywhere anywhere
changed the iptable to
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT esp -- anywhere 195.xxx.xxx.xxx to:192.168.0.250
DNAT udp -- anywhere 195.xxx.xxx.xxx udp dpt:isakmp to:192.168.0.250:500
DNAT udp -- anywhere 195.xxx.xxx.xxx udp dpt:ipsec-msft to:192.168.0.250:4500
conntrack
11:51:30 [NEW] udp 17 30 src=93.xxx.xxx.xxx dst=195.xxx.xxx.xxx sport=500 dport=500 [UNREPLIED] src=192.168.0.250 dst=93.xxx.xxx.xxx sport=500 dport=500
11:52:08 [DESTROY] udp 17 src=93.xxx.xxx.xxx dst=195.xxx.xxx.xxx sport=500 dport=500 packets=4 bytes=3068 src=192.168.0.250 dst=93.xxx.xxx.xxx sport=500 dport=500 packets=0 bytes=0