Hi,

I have a problem with the ipsecadm settings: when I ping from 172.16.22.2
to 10.150.17.2 I can't get a reply from 10.150.17.2, but I can get the reply when
I tcpdump on the WAN interface at 1.1.1.1 and 2.2.2.2, but until the 2.2.2.2
interface it has the reply but without the "encap". It means that when the
packet goes from 10.150.17.2 back to 10.17.22.2, the 10.150.17.2 didn't enter
the tunnel, so no "encap". My settings are below. Can anyone point out
the error?


Server 

ipsecadm ipcomp \
-comp lzs \
-cpi 0x0704 \
-src 1.1.1.1 -dst 2.2.2.2

ipsecadm ipcomp \
-comp lzs \
-cpi 0x0407 \
-src 2.2.2.2 -dst 1.1.1.1


ipsecadm flow -in -require -proto ipcomp \
-src 1.1.1.1 -dst 2.2.2.2 \
-addr 172.16.22.0/24 10.150.17.0/24

ipsecadm flow -out -require -proto ipcomp \
-src 1.1.1.1 -dst 2.2.2.2 \
-addr 10.150.17.0/24 172.16.22.0/24

I added "route add -net 172.16.22.0/24 2.2.2.2"


Client 

ipsecadm ipcomp \
-comp lzs \
-cpi 0x0407 \
-src 1.1.1.1 -dst 2.2.2.2

ipsecadm ipcomp \
-comp lzs \
-cpi 0x0704 \
-src 2.2.2.2 -dst 1.1.1.1

ipsecadm flow -in -require -proto ipcomp \
-src 2.2.2.2 -dst 1.1.1.1 \
-addr 10.150.17.0/24 172.16.22.0/24

ipsecadm flow -out -require -proto ipcomp \
-src 2.2.2.2 -dst 1.1.1.1 \
-addr 172.16.22.0/24 10.150.17.0/24

I added "route add -net 10.150.17.0/24 202.171.48.9"

* I tcpdump on both gateways and have the request with no encap but the reply with
encap.
* I can't ping from subnet to subnet; when I tcpdump on the subnet host there is no
reply from the other end of the subnet. On the gateway there are request and
reply messages with just encap on the WAN interface, while the LAN interface
has just request and reply messages.

Any ideas?
