Hi folks,

I have the following problem. A remote office connects to my VPN server in order to connect to the internals over the IPsec tunnel. The office has IP phones to connect to Call Manager over the 192.168.0.0/16; the IP phone is 192.168.30.2/28, so the IP phone connects correctly. But there is another IP client, a watch; the people want to extract info from the watch, which is over the net 172.1.100.1. The PC that wants to connect to it runs over the 10.0.0.89, but I can reach the watch and the watch can not ping over the 172 address space. The client is a Cisco router over an ADSL line, so dynamic public IP is on.

172.1.100.1  --X
192.168.30.2 --OK

vpn openbsd server ipsec.conf

ike passive esp from any to {192.168.0.0/16, 10.0.0.0/16, 172.1.0.0/16} peer any \
        main auth hmac-sha1 enc aes-128 group modp1024 \
        quick auth hmac-sha1 enc aes-128 psk 1234ABC3344
ike passive from {192.168.0.0/16, 10.0.0.0/16, 172.1.0.0/16} to any \
        main auth hmac-sha1 enc aes-128 group modp1024 \
        quick auth hmac-sha1 enc aes-128 psk 1234ABC3344

ipsecctl -sall

FLOWS:
flow esp in from 192.168.30.0/28 to 192.168.0.0/16 peer 187.131.59.237 srcid x.x.x.x/32 dstid 187.131.59.237/32 type use
flow esp out from 192.168.0.0/16 to 192.168.30.0/28 peer 187.131.59.237 srcid x.x.x.x/32 dstid 187.131.59.237/32 type require

SAD:
esp tunnel from 187.131.59.237 to x.x.x.x spi 0x4a135abc auth hmac-sha1 enc aes
esp tunnel from x.x.x.x to 187.131.59.237 spi 0x96591035 auth hmac-sha1 enc aes

ifconfig

bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:11:85:f1:cb:6b
        priority: 0
        groups: egress
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet x.x.x.x netmask 0xffffff00 broadcast 148.235.89.255
        inet6 fe80::211:85ff:fef1:cb6b%bge0 prefixlen 64 scopeid 0x1
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:22:6b:bd:8a:1e
        priority: 0
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
        inet6 fe80::222:6bff:febd:8a1e%re0 prefixlen 64 scopeid 0x2
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:50:bf:05:3f:6b
        priority: 0
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 192.168.100.210 netmask 0xffffff00 broadcast 192.168.100.255
        inet6 fe80::250:bfff:fe05:3f6b%rl0 prefixlen 64 scopeid 0x3
enc0: flags=0<>
        priority: 0
        groups: enc
        status: active

netstat -nf -f encap

Routing tables

Encap:
Source             Port  Destination        Port  Proto SA(Address/Proto/Type/Direction)
192.168.30.0/28    0     192.168/16         0     0     187.131.59.237/esp/use/in
192.168/16         0     192.168.30.0/28    0     0     187.131.59.237/esp/require/out

Any ideas?
