On Mon, Dec 31, 2012 at 1:35 PM, Jochen Boutens < [email protected]> wrote:
> Hello,
>
> You are absolutely right, the problem is a route that I cannot remove. I
> forgot it was in place.
> The NetASQ guide makes the client use its own IP address. Is a setup
> possible in combination with NetASQ where an extra virtual adaptor is used
> in the client?

Hi Jochen

You need to try...
Do you use V8 or V9 firmware?

Regards,

> Kind regards,
>
> *Boutens Jochen*
> Email: [email protected]
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Alexis La Goutte
> *Sent:* Monday, 31 December 2012 10:57
> *To:* Jochen Boutens
> *Cc:* [email protected]
> *Subject:* Re: [vpn-help] IPSec VPN to NetASQ not working when client
> inside same network class.
>
> On Mon, Dec 31, 2012 at 9:58 AM, Jochen Boutens <[email protected]> wrote:
>
> Hello,
>
> (Some items have been changed, mail addresses, server address, subnets
> have been changed to another subnet in the same class)
>
> VPN Client config export:
>
> n:version:4
> n:network-ike-port:500
> n:network-mtu-size:1380
> n:client-addr-auto:1
> n:network-natt-port:4500
> n:network-natt-rate:15
> n:network-frag-size:540
> n:network-dpd-enable:1
> n:client-banner-enable:0
> n:network-notify-enable:1
> n:client-dns-used:1
> n:client-dns-auto:0
> n:client-dns-suffix-auto:0
> n:client-splitdns-used:1
> n:client-splitdns-auto:0
> n:client-wins-used:0
> n:client-wins-auto:0
> n:phase1-dhgroup:2
> n:phase1-keylen:128
> n:phase1-life-secs:21600
> n:phase1-life-kbytes:0
> n:vendor-chkpt-enable:0
> n:phase2-keylen:128
> n:phase2-life-secs:3600
> n:phase2-life-kbytes:0
> n:policy-nailed:0
> n:policy-list-auto:0
> s:network-host:vpn.fake.com
> s:client-auto-mode:disabled
> s:client-iface:direct
> s:network-natt-mode:enable
> s:network-frag-mode:enable
> s:client-dns-addr:10.10.68.5
> s:client-dns-suffix:fake.com
> s:auth-method:mutual-psk
> s:ident-client-type:ufqdn
> s:ident-server-type:ufqdn
> s:ident-client-data:[email protected]
> s:ident-server-data:[email protected]
> b:auth-mutual-psk:CompletelyFakeKey
> s:phase1-exchange:aggressive
> s:phase1-cipher:aes
> s:phase1-hash:sha1
> s:phase2-transform:esp-aes
> s:phase2-hmac:sha1
> s:ipcomp-transform:disabled
> n:phase2-pfsgroup:2
> s:policy-level:unique
> s:policy-list-include:10.10.68.0 / 255.255.255.0
>
> Ifconfig on the device:
>
> >ifconfig
> em0: flags=28943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,PPROMISC> mtu 1504
>     options=5b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,POLLING>
>     ether 00:0d:b4:09:27:db
>     media: Ethernet autoselect (1000baseTX <full-duplex>)
>     status: active
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 1500
>     inet 127.0.0.1 netmask 0xffffff00
> lo1: flags=8009<UP,LOOPBACK,MULTICAST> mtu 1500
> lo2: flags=8009<UP,LOOPBACK,MULTICAST> mtu 1500
> lo3: flags=8009<UP,LOOPBACK,MULTICAST> mtu 1500
> lo4: flags=8009<UP,LOOPBACK,MULTICAST> mtu 1500
> lo5: flags=8009<UP,LOOPBACK,MULTICAST> mtu 1500
> enc0: flags=41<UP,RUNNING> mtu 1536
> eth0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
>     options=8<VLAN_MTU>
>     inet 91.*.*.* netmask 0xffffffe0 broadcast 91.*.*.*
>     ether 00:0d:b4:09:29:1c
>     media: Ethernet autoselect (100baseTX <full-duplex>)
>     status: active
> eth1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
>     options=8<VLAN_MTU>
>     ether 00:0d:b4:09:29:1c
>     media: Ethernet autoselect
> eth2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
>     options=8<VLAN_MTU>
>     inet 10.10.68.254 netmask 0xffffff00 broadcast 10.10.68.255
>     inet 192.168.1.254 netmask 0xffffff00 broadcast 192.168.1.255
>     inet 10.10.61.254 netmask 0xffffff00 broadcast 10.10.61.255
>     inet 10.10.62.254 netmask 0xffffff00 broadcast 10.10.62.255
>     ether 00:0d:b4:09:29:1e
>     media: Ethernet autoselect (1000baseTX <full-duplex>)
>     status: active
> eth3: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>     options=8<VLAN_MTU>
>     ether 00:0d:b4:09:29:1f
>     media: Ethernet autoselect
> eth4: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>     options=8<VLAN_MTU>
>     inet 192.168.231.2 netmask 0xfffffffc broadcast 192.168.231.3
>     ether 00:0d:b4:09:27:e0
>     media: Ethernet autoselect (1000baseTX <full-duplex>)
>     status: active
> eth5: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>     options=8<VLAN_MTU>
>     inet 192.168.231.6 netmask 0xfffffffc broadcast 192.168.231.7
>     ether 00:0d:b4:09:27:e1
>     media: Ethernet autoselect (1000baseTX <full-duplex>)
>     status: active
>
> Kind regards,
>
> *Boutens Jochen*
> Email: [email protected]
>
> Hi Jochen,
> Thanks for the information.
> No static route in your VPN Gateway? (to any 10.x.x network?)
> Is it possible to also add VPN logs? (from your VPN Gateway)
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Alexis La Goutte
> *Sent:* Sunday, 30 December 2012 18:07
> *To:* [email protected]
> *Cc:* [email protected]
> *Subject:* Re: [vpn-help] IPSec VPN to NetASQ not working when client
> inside same network class.
>
> Hi Jochen,
>
> Is it possible to attach your configuration?
> How is your VPN Gateway configured? (is it possible to attach an ifinfo?)
>
> Regards,
>
> On Fri, Dec 28, 2012 at 8:12 AM, Finalbeta <[email protected]> wrote:
>
> Hello list,
>
> I’m facing a problem with the VPN client (I think it is the client part)
> when my client is inside the same network class.
>
> My tested clients are Windows 7 or 8.
>
> My company subnet is 10.10.5.0/24 and 10.10.6.0/24
>
> My clients have no problem when they are inside a class B or C subnet. (So
> clients connecting from 172.16.* or 192.168.* have no problem connecting)
>
> The same clients connecting from a local 10.10.*/24 can set up the ipsec
> tunnel to the company, but it times out. I can get no traffic across it.
> After several seconds the client gets disconnected.
>
> I’m using the netasq guide from the wiki. I’ve configured the remote
> networks manually inside the configuration and I am using the local IP
> address on the client.
>
> Thank you
>
> Jochen ([email protected])
>
> _______________________________________________
> vpn-help mailing list
> [email protected]
> http://lists.shrew.net/mailman/listinfo/vpn-help
_______________________________________________
vpn-help mailing list
[email protected]
http://lists.shrew.net/mailman/listinfo/vpn-help
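
The check discussed in this thread (a client that keeps its own local address, and a gateway static route that covers that address), as an added example that is not part of the original messages or of the Shrew Soft or NetASQ software. The sample export is a constructed subset of the one quoted above; the client addresses and the gateway route 10.0.0.0/8 are hypothetical, since the thread does not say which route was in place.

```python
import ipaddress

# Constructed sample: a subset of the client export quoted in the thread.
SAMPLE_EXPORT = """\
n:version:4
s:client-iface:direct
s:policy-level:unique
s:policy-list-include:10.10.68.0 / 255.255.255.0
"""

def parse_export(text):
    """Parse 'type:key:value' lines; repeated keys accumulate in a list."""
    cfg = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3 and parts[0] in ("n", "s", "b"):
            cfg.setdefault(parts[1], []).append(parts[2])
    return cfg

def remote_networks(cfg):
    """Turn 'addr / mask' policy entries into ip_network objects."""
    nets = []
    for entry in cfg.get("policy-list-include", []):
        addr, mask = (p.strip() for p in entry.split("/"))
        nets.append(ipaddress.ip_network(f"{addr}/{mask}"))
    return nets

def find_conflicts(cfg, client_ip, client_prefix, gateway_static_routes):
    """List addressing conflicts for a client located at client_ip/prefix."""
    issues = []
    local = ipaddress.ip_network(f"{client_ip}/{client_prefix}", strict=False)
    # The client's own LAN must not overlap a network reached via the tunnel.
    for net in remote_networks(cfg):
        if net.overlaps(local):
            issues.append(f"local LAN {local} overlaps tunnel network {net}")
    # In 'direct' mode the client keeps its local address inside the tunnel,
    # so a gateway static route covering it can pull replies off the tunnel.
    if cfg.get("client-iface") == ["direct"]:
        addr = ipaddress.ip_address(client_ip)
        for route in map(ipaddress.ip_network, gateway_static_routes):
            if addr in route:
                issues.append(f"gateway static route {route} covers client address {addr}")
    return issues

if __name__ == "__main__":
    cfg = parse_export(SAMPLE_EXPORT)
    for ip in ("192.168.1.50", "10.10.7.23", "10.10.68.40"):  # hypothetical clients
        print(ip, find_conflicts(cfg, ip, 24, ["10.0.0.0/8"]))
```
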
