On Thu, 2004-01-01 at 16:19, Ian Cartwright wrote:
> On Wed, 2003-12-31 at 18:38, Chad R. Larson wrote:
> > At 05:23 PM 12/31/2003, Ian Cartwright wrote:
> > >I set up a m0n0wall box today and I am having issues with IPSEC. I am able
> > >to configure an IPSEC tunnel and configure rules that allow traffic
> > >through the tunnel, however, I do not receive a response from any hosts on
> > >the other side of the tunnel.
> >
> > I have an IKE/IPsec tunnel up with a Sun E250 running Checkpoint Firewall-1
> > on the remote end. It took nothing fancy.
> >
> > -crl
>
> Chad,
>
> That's good news. Are you NATing all of your outbound traffic through
> your m0n0wall box per chance?
>
> Ian
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>

All,

I figured this one out finally. The issue is that in replicating my existing IPSec config, I put in multiple encryption and hash algorithms for Phase 2 (i.e. Rijndael 256 and 3DES). What I didn't realize is that the ordering was different when I used the M0n0wall GUI versus my old racoon.conf file. This meant that the proposal chosen by Phase 2 did not match the encryption requirements of the rules on the far side of the tunnel.

The fix in this case was to choose just the encryption and hash algorithms necessary to meet the requirements of the other gateway and leave nothing else enabled.

Thanks for your earlier response Chad.

Cheers,

Ian