Would it help if we allowed 0.0.0.0 to be entered in the WebGUI? On 8/3/05, alan walters <[EMAIL PROTECTED]> wrote: > > > > Below is the xml of the remote tunnel. > > > > On the remote side I added a the following rules > > > > (1) Advanced out bound NAT > > > > 192.168.168.110 to any use gateway xxx.xxx.xxx.xxx > > > > (2) firewall rules > > > > Allow 192.168.168.110 to any on interface LAN > > > > Then the following tunnel was hacked into the xml configuration file. > > > > <tunnel> > > > <interface>wan</interface> > > <local-subnet> > > > <address>192.168.168.110</address> > > </local-subnet> > > > <remote-subnet>0.0.0.0/0</remote-subnet> > > > <remote-gateway>xxx.xxx.xxx.xxx</remote-gateway> > > <p1> > > > <mode>aggressive</mode> > > <myident> > > > <myaddress/> > > </myident> > > > <encryption-algorithm>3des</encryption-algorithm> > > > <hash-algorithm>sha1</hash-algorithm> > > > <dhgroup>2</dhgroup> > > > <lifetime>3600</lifetime> > > > <pre-shared-key>xxxxxxxxxxxx</pre-shared-key> > > > <private-key/> > > <cert/> > > <peercert/> > > > <authentication_method>pre_shared_key</authentication_method> > > </p1> > > <p2> > > > <protocol>esp</protocol> > > > <encryption-algorithm-option>3des</encryption-algorithm-option> > > > <encryption-algorithm-option>blowfish</encryption-algorithm-option> > > > <encryption-algorithm-option>cast128</encryption-algorithm-option> > > > <encryption-algorithm-option>rijndael</encryption-algorithm-option> > > > <hash-algorithm-option>hmac_sha1</hash-algorithm-option> > > > <hash-algorithm-option>hmac_md5</hash-algorithm-option> > > > <pfsgroup>0</pfsgroup> > > > <lifetime>3600</lifetime> > > </p2> > > <descr>test</descr> > > </tunnel> > > > > > > Give it a try > > > > Alan > >
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
