Hello Jack,

Thursday, March 22, 2007, 6:49:14 PM, you wrote:

JB> ... having some trouble getting a LAN-to-LAN VPN working ...
JB> 10.0.0.2/24 --- 10.0.0.1/24
JB> L1 F1 F2 L2
JB> 10.4.14.1 --- 10.4.12.1/22 10.2.12.1/22 --- 10.2.14.1
JB> L1,L2 - laptops
JB> F1,F2 - Soekris net4801 firewalls
JB> What works:
JB> L1-F1 lan communication
JB> L2-F2 lan communication
JB> F1-F2 lan communication
JB> F1-F2 IPSec communication (evidenced by F1 running "ping 10.0.0.1" and
JB> seeing only esp packets in tcpdump)
JB> What doesn't work:
JB> F1-L2 gateway'd VPN
JB> F2-L1 gateway'd VPN
JB> L1-L2 gateway-to-gateway'd VPN

Sorry if I missed something, but I don't see you trying to test the
Network-to-Network VPN you are talking about. Does it work from an
internal computer in one network to an internal computer in another?

Gateway-to-Gateway doesn't (and shouldn't, I think) work "out of the
box" with the Network-to-Network VPN. Adding manual routes helped me to
solve it. Something like "route add 10.2.12.0/22 10.4.14.1" on the F1
and "route add 10.4.12.0/22 10.2.14.1" on the F2. Your numbers are a bit
confusing, but it's a
"route add <network_on_the_other_side> <gateways_internal_interface>".

--
Best regards,
Boris mailto:[EMAIL PROTECTED]

