 From:  David Bottrill <david at bottrill dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] I don't want to go back using Cisco....
 Date:  Tue, 17 May 2005 22:25:28 +0100
On Tuesday 17 May 2005 17:41, Carlo Landmeter wrote:
> Sorry to bump this message again but I'm afraid that if I cannot solve this
> issue I will have to replace the m0n0wall with our Cisco 1760 which I
> really do not want to do. Anyone any idea what is going wrong? If I need to
> provide additional information please let me know.
>
> Thx
>
> I'm using m0n0wall version 1.2b3 on a WRAP board. From our provider we
> receive a subnet of 16 IPs which we can use. The m0n0wall is acting as
> router and firewall for this subnet. I am using the 3 interfaces as
> follows.
>
> WAN 81.*.*.*/30
> LAN 10.*.*.*/24
> DMZ 81.*.*.*/28
>
> I have disabled NAT by enabling advanced outbound NAT for the DMZ and added
> a mapping to enable NAT for the LAN interface.
> One of the devices on the DMZ interface is a Cisco trying to run a GRE VPN
> tunnel but it seems as if the m0n0wall is blocking the tunnel.
> When I look into the firewall logs it doesn't display anything blocked.
> The m0n0wall itself is running the PPTP server which is running just fine
> (also with GRE protocol).
>
> Does anybody have an idea why I cannot create the tunnel with that Cisco?
>
> Thx.
>
> Carlo

Just a thought: did you add a firewall rule to allow ISAKMP on UDP 500 for the
key exchange?

David
-- 
David Bottrill

david at bottrill dot org
www.bottrill.org
Registered Linux user number 330730
Internet SIP Phone: 1-747-244-2699