I agree, let's try again!
Hi folks,

> Date: Fri, 1 Jun 2012 10:55:09 -0700
> From: tyl...@tradetech.net
> To: genesi...@hotmail.com
> Subject: Re: ipsec routing dinamic ip over adsl
>
> On 5/31/2012 7:31 PM, carlos albino garcia grijalba wrote:

I have the following problem.
A remote office connects to my VPN server in order to connect to the internal
networks over the IPsec tunnel. The office has IP phones to connect to the
call manager over 192.168.0.0/16; the IP phone is 192.168.30.2/28, so the IP
phone connects correctly, but there is another IP client, a watch. The people
want to extract info from the watch, which is on the net 172.1.100.1; the PC
that wants to connect to it runs on 10.0.0.89, but I can reach the watch and
the watch cannot ping over the 172 address space. The client is a Cisco
router over an ADSL line, so the dynamic public IP is on
172.1.100.1 --X 192.168.30.2 --OK

VPN OpenBSD server
ipsec.conf:
# Responder only (passive) and "peer any": the server never initiates and
# accepts IKE from any address, since the remote Cisco router sits on a
# dynamic ADSL address.
ike passive esp from any to {192.168.0.0/16, 10.0.0.0/16, 172.1.0.0/16} peer any \
    main auth hmac-sha1 enc aes-128 group modp1024 \
    quick auth hmac-sha1 enc aes-128 psk 1234ABC

# Same proposals for the reverse direction (local networks to the peer).
ike passive from {192.168.0.0/16, 10.0.0.0/16, 172.1.0.0/16} to any \
    main auth hmac-sha1 enc aes-128 group modp1024 \
    quick auth hmac-sha1 enc aes-128 psk 1234ABC
ifconfig
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:11:85:f1:cb:6b
        priority: 0
        groups: egress
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet A.B.C.D netmask 0xffffff00 broadcast 148.235.89.255
        inet6 fe80::211:85ff:fef1:cb6b%bge0 prefixlen 64 scopeid 0x1
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:22:6b:bd:8a:1e
        priority: 0
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
        inet6 fe80::222:6bff:febd:8a1e%re0 prefixlen 64 scopeid 0x2
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:50:bf:05:3f:6b
        priority: 0
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 192.168.100.210 netmask 0xffffff00 broadcast 192.168.100.255
        inet6 fe80::250:bfff:fe05:3f6b%rl0 prefixlen 64 scopeid 0x3
enc0: flags=0<>
        priority: 0
        groups: enc
        status: active

ipsecctl -sall
FLOWS:
flow esp in from 192.168.30.0/28 to 192.168.0.0/16 peer 187.131.59.237 srcid 148.235.89.18/32 dstid 187.131.59.237/32 type use
flow esp out from 192.168.0.0/16 to 192.168.30.0/28 peer 187.131.59.237 srcid 148.235.89.18/32 dstid 187.131.59.237/32 type require

SAD:
esp tunnel from 187.131.59.237 to 148.235.89.18 spi 0xbed90da8 auth hmac-sha1 enc aes
esp tunnel from 148.235.89.18 to 187.131.59.237 spi 0xda01bfaa auth hmac-sha1 enc aes

netstat -nr -f encap
Routing tables

Encap:
Source             Port  Destination        Port  Proto SA(Address/Proto/Type/Direction)
192.168.30.0/28    0     192.168/16         0     0     187.131.59.237/esp/use/in
192.168/16         0     192.168.30.0/28    0     0     187.131.59.237/esp/require/out
