I have two DCD 1.02 firewalls that work well as firewalls, but I want to connect two
subnets by creating a VPN tunnel between them. The firewalls are on the same Ethernet.

Host1 ---- leftsubnet = = = FW1 ------------- FW2 = = = = = = = rightsubnet ---- Host 2
           192.168.0.0/24   194.248.236.75    194.248.236.74    192.168.1.0/24

The tunnel is created OK, but from Host1 I can't ping Host 2 ('ping 192.168.0.4' gives
100% loss).

I have attached various info, and any help is greatly appreciated.

Cheers,
Rein Inge Hoff

All info from FW2:
# ipsec look
firewall Wed Feb 28 14:43:44 UTC 2001
192.168.1.0/24 -> 192.168.0.0/24 => [EMAIL PROTECTED]
[EMAIL PROTECTED] (0)
ipsec0->eth0 mtu=16260(1500)->1500
[EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=in src=194.248.236.75
iv_bits=64bits iv=0x98a10d883ec1cabc ooowin=64 alen=128 aklen=128 eklen=192
life(c,s,h)=add(21,0,0)
[EMAIL PROTECTED] ESP_3DES_HMAC_MD5: dir=out src=194.248.236.74
iv_bits=64bits iv=0xe2807de5f53f3daa ooowin=64 alen=128 aklen=128 eklen=192
life(c,s,h)=add(21,0,0)
[EMAIL PROTECTED] IPIP: dir=in src=194.248.236.75 life(c,s,h)=add(21,0,0)
[EMAIL PROTECTED] IPIP: dir=out src=194.248.236.74 life(c,s,h)=add(21,0,0)
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         194.248.236.73  0.0.0.0         UG        0 0          0 eth0
192.168.0.0     194.248.236.75  255.255.255.0   UG        0 0          0 ipsec0
194.248.236.72  0.0.0.0         255.255.255.248 U         0 0          0 eth0
194.248.236.72  0.0.0.0         255.255.255.248 U         0 0          0 ipsec0
-------------
From ipsec.conf:
# defaults for subsequent connection descriptions
conn %default
        # How persistent to be in (re)keying negotiations (0 means very).
        keyingtries=0
        authby=secret

conn oks
        # Left security gateway, subnet behind it, next hop toward right.
        left=194.248.236.75
        leftsubnet=192.168.0.0/24
        # Right security gateway, subnet behind it, next hop toward left.
        right=194.248.236.74
        rightsubnet=192.168.1.0/24
        auto=add
--------------------
# net ipfilter list | grep 50
9 1664 ACCEPT udp ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 * -> 500
0 0 ACCEPT 50 ------ 0xFF 0x00 eth0 0.0.0.0/0 194.248.236.74 n/a
---------------------
# lsmod | grep ipsec
ip_masq_ipsec 7328 0 (unused)
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user