 From:  Bill Hamel <billh at bugs dot hamel dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  IpSec Tunnel Sanity check please
 Date:  Fri, 19 Nov 2004 15:18:05 -0500
Hello all,

I have a m0n0 1.11 configured with an IPSec Tunnel to a Watchguard Firebox
III/700.

The tunnels appear to be up.

Only using ping and HTTP at this point for tests. The WAN port of each end
traverses the internet.

Network A = 10.10.80.0/24 (m0n0wall)
Network B = 192.168.1.0/24 (Watchguard Firebox)

From anything on "B" you can ping and HTTP to "A" (the m0n0 LAN interface).
From anything on "A" you cannot ping or HTTP to anything on "B".

The tunnel must be up, else I would not be seeing pings in one of the directions
with SRC and DST in private IP space. Not to mention the m0n0 in Diag shows the
session active.

Going out on a limb, I'll say that the rules on the Watchguard are correct
because I have VPNs running to other devices (non-m0n0) just fine.

So this raises the question: I read in the manual that the m0n0 creates
its own rules when creating an IPsec tunnel, which I don't see in the "Rules"
section, but in the Diag section I see what appear to be rules (maybe).

I did set up a rule for ESP just for kicks, but it didn't seem to change
anything.

Is there a ruleset I am missing or something? I have the default any->LAN->any
rule set up as well as allowing ESP from any source to the WAN IP of the m0n0.

Any insight or smacks in the head would be appreciated at this point because my
eyes are crossing :)

Thank you in advance,
-bh
