Hi guys
I have two monowalls in my network; this is a description:
        LAN 10.91.0.0/23
               |
       ________|________
            monowall
       -----------------
           |       |        WAN IP 10.0.0.5/23
           |       |        IPsec
           |       |
       ____|_______|____    WAN IP 10.0.0.3/23
            monowall
       -----------------
               |
               |
        LAN 10.0.254.1/24
I've made the basic configuration for the VPN tunnel on both sides.
These are the values:
Negotiation mode: main
My identifier: My IP address
Encryption algorithm: 3DES
Hash algorithm: MD5
DH key group: 2
Protocol: ESP
Encryption algorithms: 3DES
Hash algorithms: MD5
PFS key group: 2
and the logs are:
Jan 7 09:48:05 racoon: INFO: isakmp.c:808:isakmp_ph1begin_i(): initiate new phase 1 negotiation: 10.0.0.3[500]<=>10.0.0.5[500]
Jan 7 09:48:05 racoon: INFO: isakmp.c:813:isakmp_ph1begin_i(): begin Identity Protection mode.
Jan 7 09:48:05 racoon: INFO: vendorid.c:128:check_vendorid(): received Vendor ID: KAME/racoon
Jan 7 09:48:05 racoon: INFO: vendorid.c:128:check_vendorid(): received Vendor ID: KAME/racoon
Jan 7 09:48:06 racoon: INFO: isakmp.c:2459:log_ph1established(): ISAKMP-SA established 10.0.0.3[500]-10.0.0.5[500] spi:9ebb6c6c2cb0b35b:3bcc147f0eb8cf97
Jan 7 09:48:07 racoon: INFO: isakmp.c:952:isakmp_ph2begin_i(): initiate new phase 2 negotiation: 10.0.0.3[0]<=>10.0.0.5[0]
Jan 7 09:44:51 last message repeated 2 times
Jan 7 09:48:07 /kernel: WARNING: pseudo-random number generator used for IPsec processing
Jan 7 09:48:07 racoon: INFO: pfkey.c:1197:pk_recvupdate(): IPsec-SA established: ESP/Tunnel 10.0.0.5->10.0.0.3 spi=37791830(0x240a856)
Jan 7 09:48:07 racoon: INFO: pfkey.c:1420:pk_recvadd(): IPsec-SA established: ESP/Tunnel 10.0.0.3->10.0.0.5 spi=229127567(0xda8358f)
It seems to work fine, but I can't see the subnets from both sides.
I can't ping the computers from one LAN to the other.
Maybe I have to make NAT rules on both sides?
Any ideas or suggestions?
Thanks
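
An added example, not part of the original post: a small parser that rejoins the wrapped racoon lines quoted above and reports which phase 1 peers and phase 2 SAs the log actually records. It only checks negotiation state as logged, not whether LAN traffic is routed or permitted through the tunnel; the function names are made up for this example.

```python
import re

# Log excerpt copied from the post above, still wrapped as it was posted.
SAMPLE = """\
Jan 7 09:48:06 racoon: INFO: isakmp.c:2459:log_ph1established():
ISAKMP-SA established 10.0.0.3[500]-10.0.0.5[500]
spi:9ebb6c6c2cb0b35b:3bcc147f0eb8cf97
Jan 7 09:48:07 racoon: INFO: pfkey.c:1197:pk_recvupdate(): IPsec-SA
established: ESP/Tunnel 10.0.0.5->10.0.0.3 spi=37791830(0x240a856)
Jan 7 09:48:07 racoon: INFO: pfkey.c:1420:pk_recvadd(): IPsec-SA
established: ESP/Tunnel 10.0.0.3->10.0.0.5 spi=229127567(0xda8358f)
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d ")
PH1 = re.compile(r"ISAKMP-SA established ([\d.]+)\[\d+\]-([\d.]+)\[\d+\]")
PH2 = re.compile(r"IPsec-SA established: (\w+)/(\w+) ([\d.]+)->([\d.]+) spi=\d+\((0x[0-9a-f]+)\)")

def unwrap(text):
    """Join continuation lines (no syslog timestamp) onto the previous record."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    """Return phase 1 peer pairs and phase 2 SAs found in racoon log text."""
    ph1, ph2 = [], []
    for rec in unwrap(text):
        if m := PH1.search(rec):
            ph1.append((m.group(1), m.group(2)))
        if m := PH2.search(rec):
            ph2.append({"proto": m.group(1), "mode": m.group(2),
                        "src": m.group(3), "dst": m.group(4), "spi": m.group(5)})
    return ph1, ph2

def missing_directions(ph1, ph2):
    """For each phase 1 peer pair, list the directions that have no IPsec SA."""
    have = {(sa["src"], sa["dst"]) for sa in ph2}
    return [(a, b) for x, y in ph1 for a, b in ((x, y), (y, x)) if (a, b) not in have]

if __name__ == "__main__":
    ph1, ph2 = summarize(SAMPLE)
    print("phase 1 peers:", ph1, "phase 2 SAs:", ph2)
    print("directions without an SA:", missing_directions(ph1, ph2))
```
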