Hi all,

I am trying to set up a connection from the office1 gateway (213.x.x.113) to the office2 gateway (151.x.x.4).

The office1 gateway is behind a firewall; I have never configured this connection before. The office2 gateway is already connected to another office via VPN (FreeS/WAN) on the firewall. Both seem to be up OK, but I think there is some problem with the firewall on office1, either receiving the response from office2 or delivering the message back to the office1 gateway.

Here is the output from a tcpdump on the office2 firewall (also the gateway). You can see that it receives an MI1 from office1 and responds with an MR1, but I don't know if it gets there...

12:12:26.756505 213.x.x.113.isakmp > 151.x.x.4.isakmp: isakmp: phase 1 I ident: [|sa] (DF) [tos 0x40]
12:12:26.757028 151.x.x.4.isakmp > 213.x.x.113.isakmp: isakmp: phase 1 R ident: [|sa] (DF)
12:13:01.749002 arp who-has 213.x.x.113 tell 151.x.x.4
12:13:01.749628 arp reply 213.x.x.113 is-at 0:b0........b4

------------------------------------------------
The following info may be of use
------------------------------------------------
office1
  subnet            172.16.0.0/16
  ipsec gateway     172.16.5.24 / 213.x.x.113
  firewall          172.16.1.1 / 213.x.x.2
  router            213.x.x.1

office2
  subnet            10.1.0.0/16
  firewall/gateway  151.x.x.4
  router            151.x.x.1
------------------------------------------------

Here are my ipsec.conf files from both offices.

------------------------------------------------------
Office1: ipsec.conf
------------------------------------------------------
# basic configuration
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=all

# defaults for subsequent connection descriptions
conn %default
        type=tunnel
        keyingtries=0
        authby=rsasig

# VPN TUNNEL 1 - 2
conn 1to2
        [EMAIL PROTECTED]
        left=172.16.5.24
        leftsubnet=172.16.0.0/16
        leftnexthop=213.x.x.1
        leftfirewall=yes
        leftrsasigkey=cDSCSDCscjsdc........
        [EMAIL PROTECTED]
        right=151.x.x.4
        rightsubnet=10.1.0.0/16
        rightnexthop=151.x.x.1
        rightfirewall=no
        rightrsasigkey=2dfdrsm043DSDSG............
        auto=start
------------------------------------------------------

------------------------------------------------------
Office2: ipsec.conf
------------------------------------------------------
# basic configuration
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes

# defaults for subsequent connection descriptions
conn %default
        type=tunnel
        keyingtries=0
        authby=rsasig

# VPN TUNNEL 1 - 2
conn 1to2
        [EMAIL PROTECTED]
        left=213.x.x.113
        leftsubnet=172.16.0.0/16
        leftnexthop=213.x.x.2
        leftfirewall=yes
        leftrsasigkey=cDSCSDCscjsdc........
        [EMAIL PROTECTED]
        right=151.x.x.4
        rightsubnet=10.1.0.0/16
        rightnexthop=151.x.x.1
        rightfirewall=no
        rightrsasigkey=2dfdrsm043DSDSG............
        auto=start
------------------------------------------------------

If anyone knows where I am going wrong, or what steps I could take to better understand where it's all going pear-shaped, any help would be greatly appreciated.

Thanks in advance,
Andy
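A quick consistency check one can run over the two posted ipsec.conf files, added here by the editor and not part of Andy's message or of FreeS/WAN itself. Because both peers describe the same `conn 1to2`, every field the two files disagree on (after `conn %default` is applied) is the first thing to look at before chasing the firewall. The two stanzas below are constructed copies of the posted ones; the `leftid`/`rightid` values are placeholders standing in for the addresses the list archive redacted, and the key material is the same truncated text as in the post.

```python
"""Diff one conn stanza as seen from two peers' FreeS/WAN-style ipsec.conf files."""
import re
from typing import Dict, Optional, Tuple

# Constructed copies of the two posted configs; ids are placeholders, not the real values.
OFFICE1_CONF = """\
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=all
conn %default
        type=tunnel
        keyingtries=0
        authby=rsasig
conn 1to2
        leftid=@office1.example
        left=172.16.5.24
        leftsubnet=172.16.0.0/16
        leftnexthop=213.x.x.1
        leftfirewall=yes
        leftrsasigkey=cDSCSDCscjsdc........
        rightid=@office2.example
        right=151.x.x.4
        rightsubnet=10.1.0.0/16
        rightnexthop=151.x.x.1
        rightfirewall=no
        rightrsasigkey=2dfdrsm043DSDSG............
        auto=start
"""

OFFICE2_CONF = """\
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes
conn %default
        type=tunnel
        keyingtries=0
        authby=rsasig
conn 1to2
        leftid=@office1.example
        left=213.x.x.113
        leftsubnet=172.16.0.0/16
        leftnexthop=213.x.x.2
        leftfirewall=yes
        leftrsasigkey=cDSCSDCscjsdc........
        rightid=@office2.example
        right=151.x.x.4
        rightsubnet=10.1.0.0/16
        rightnexthop=151.x.x.1
        rightfirewall=no
        rightrsasigkey=2dfdrsm043DSDSG............
        auto=start
"""

# Section headers ('config setup', 'conn NAME') start in column 1; settings are indented.
SECTION_RE = re.compile(r"^(config|conn)\s+(\S+)\s*$")


def parse_ipsec_conf(text: str) -> Dict[str, Dict[str, str]]:
    """Return {'conn 1to2': {'left': '...', ...}, 'config setup': {...}}.
    Blank lines and '#' comments are skipped; a setting outside any section is an error."""
    sections: Dict[str, Dict[str, str]] = {}
    current: Optional[Dict[str, str]] = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(f"{m.group(1)} {m.group(2)}", {})
            continue
        if current is None or "=" not in line:
            raise ValueError(f"unexpected line outside a section: {raw!r}")
        key, value = line.strip().split("=", 1)
        current[key.strip()] = value.strip()
    return sections


def effective_conn(sections: Dict[str, Dict[str, str]], name: str) -> Dict[str, str]:
    """Settings from 'conn %default' overlaid by the named conn's own settings."""
    merged = dict(sections.get("conn %default", {}))
    merged.update(sections[f"conn {name}"])
    return merged


def conn_diff(conf_a: str, conf_b: str, name: str) -> Dict[str, Tuple[Optional[str], Optional[str]]]:
    """Keys whose value differs between the two peers' view of the same conn (None = absent)."""
    a = effective_conn(parse_ipsec_conf(conf_a), name)
    b = effective_conn(parse_ipsec_conf(conf_b), name)
    return {k: (a.get(k), b.get(k)) for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}


if __name__ == "__main__":
    for key, (v1, v2) in conn_diff(OFFICE1_CONF, OFFICE2_CONF, "1to2").items():
        print(f"{key:14} office1={v1!s:16} office2={v2!s}")
```

Run as-is it lists `left` and `leftnexthop` as the only two settings on which the peers disagree; whether that disagreement is intended for a gateway behind a separate firewall is a question for the FreeS/WAN documentation, but the diff narrows the search to those lines.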