Sorry, I forgot to mention that user1 and user2 have the same public IP.
Many thanks.
carlopmart wrote:
Hi all,
We have several problems with IPsec connections for roadwarrior clients
using X.509 certificates. We use ipsec.conf to accomplish this
configuration:
ike passive proto tcp from 192.168.2.3 \
    to { 129.31.0.0/16, 129.11.0.0/16, 129.61.0.0/16, 129.71.0.0/16 } port 5900 \
    quick auth hmac-sha1 enc 3des group modp1024
ike passive proto tcp from 192.168.2.3 \
    to { 129.31.0.0/16, 129.11.0.0/16, 129.61.0.0/16, 129.71.0.0/16 } port 3389 \
    quick auth hmac-sha1 enc 3des group modp1024
ike passive esp from 192.168.0.3 to any main auth hmac-sha1 enc 3des \
    srcid firewall.ourdomain.com dstid [EMAIL PROTECTED]
ike passive proto tcp from { 192.168.2.9, 192.168.2.10, 192.168.2.11 } \
    to { 129.42.0.0/16, 192.168.156.0/24 } port 5900 \
    quick auth hmac-sha1 enc 3des group modp1024
ike passive proto tcp from { 192.168.2.9, 192.168.2.10, 192.168.2.11 } \
    to { 129.42.0.0/16, 192.168.156.0/24 } port 3389 \
    quick auth hmac-sha1 enc 3des group modp1024
ike passive esp from 192.168.0.3 to any main auth hmac-sha1 enc 3des \
    srcid firewall.ourdomain.com dstid [EMAIL PROTECTED]
Well, this configuration doesn't work. If user [EMAIL PROTECTED]
connects to our LANs, [EMAIL PROTECTED] (if he is connected) loses
all connections.
If we replace the third and sixth lines with:
ike passive esp from 192.168.0.3 to any main auth hmac-sha1 enc 3des \
    srcid firewall.ourdomain.com
only one user can be authenticated. Does somebody know how I can resolve
this problem? The ipsec.conf man pages don't help.
Many thanks.
--
CL Martinez
carlopmart {at} gmail {d0t} com