[Ilugc] IPSEC Connection between Gateway Firewalls
- From: binand@xxxxxxxxx (Binand Sethumadhavan)
- Date: Thu Jun 29 13:02:43 2006
On 29/06/06, ~adarsh~ <vpadarsh@xxxxxxxxx> wrote:
> There was some misconfiguration in the subnet mask; I fixed it.
> When I am trying to ping a machine from behind the firewall at one end
> to one at the other end the packets are rejected at the LAN interface
> eth0. What may be the reason?

What do you mean, when you say "rejected"? Do you get an ICMP network
unreachable response?
Your config:

config setup
        interfaces=%defaultroute

conn %default
        left=217.66.217.131
        leftsubnet=152.109.247.0/255.255.255.240
        leftnexthop=217.66.217.142

conn firewalldxb.test.com-vpn
        right=195.229.190.151
        rightcert=firewalldxb.test.com.crt
        rightsubnet=192.168.1.0/255.255.255.0
        rightnexthop=195.229.190.145

I am not sure if you need those leftnexthop/rightnexthop entries. I
have been trying to find config file documentation for this IPSec
package, but without much success. The main reason I believe your
tunnel is not working is because the IPSec daemon does not bring
up the ipsec0 interface at the end of successful P2 negotiation, and
neither does it add routing table entries for rightsubnet into that
tunnel interface. The reason for that looks to me as if the config
file tells the IPSec daemon explicitly to add the routes to the
leftnexthop/rightnexthop IPs and not the ipsec0 interface.
Binand
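
One way to test the hypothesis in the reply above on the left gateway, as an added example that is not part of the original post: do a longest-prefix match of hosts in rightsubnet against the routing table and see which device they leave by. The routing table text is constructed sample output in the style of `ip route show`, 152.109.247.1 is a made-up address, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample (not from the post): the remote subnet is routed to the
# next-hop gateway on eth1 instead of the ipsec0 tunnel interface.
SAMPLE_ROUTES = """\
152.109.247.0/28 dev eth0 proto kernel scope link src 152.109.247.1
217.66.217.128/28 dev eth1 proto kernel scope link src 217.66.217.131
192.168.1.0/24 via 217.66.217.142 dev eth1
default via 217.66.217.142 dev eth1
"""

def parse_routes(text):
    """Return [(network, device)] from `ip route show` style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route types such as "unreachable ..." are skipped
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def egress_device(routes, host):
    """Longest-prefix match: the device a packet to host would leave by."""
    addr = ipaddress.ip_address(host)
    matches = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(matches)[1] if matches else None

def check_tunnel_route(routes, remote_subnet, tunnel_dev="ipsec0"):
    """True if the first and last host of remote_subnet use tunnel_dev.

    remote_subnet may use the dotted netmask form found in the config file.
    """
    net = ipaddress.ip_network(remote_subnet, strict=False)
    probes = [str(net.network_address + 1), str(net.broadcast_address - 1)]
    devs = {p: egress_device(routes, p) for p in probes}
    return all(d == tunnel_dev for d in devs.values()), devs

if __name__ == "__main__":
    ok, devs = check_tunnel_route(parse_routes(SAMPLE_ROUTES),
                                  "192.168.1.0/255.255.255.0")
    print("routed into tunnel" if ok else "NOT routed into tunnel", devs)
```

On a live gateway, feed `parse_routes` the real output of `ip route show` instead of the sample text.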