Manuel,

Thanks much for letting me know it works... I connected it up again and checked, the fragments were already allowed on the default LAN -> any rule. I poked around a little more and tried unchecking the box on the WAN interface page that blocks private network traffic, that did the trick.

I really love the firewall and want to install it at a customer site, but they use VPN connections now and I really need to get a little information on how to set up a simple IKE exchange, pre-shared key, 3des, vpn with SafeNet client. Could you give me a little hint? They need to set up a real DMZ with a web server accessing a secure database at the back end. From what I have seen, the m0n0wall will do the trick nicely.

Thanks for the great little firewall, BTW I saw it on TechTV and jumped in, I wanted to play too! ;-)

Eileen
eileen at kelltech dot biz

-----Original Message-----
From: Manuel Kasper [mailto:mk at neon1 dot net]
Sent: Thursday, January 08, 2004 12:26 AM
To: Eileen Kelleher
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] m0n0wall does not pass IPSEC traffic?

Eileen Kelleher said:
> I have encountered a serious problem, at least for me. The firewall
> does not seem to be able to pass any IPSEC traffic from the LAN segment
> to the WAN connection. Does anyone have a clue what I could do to
> enable this?
>
> I lowered the MTU to ensure encapsulation wouldn't be the problem, this
> fixed it for a NetScreen firewall when I encountered the same symptoms
> before.
>
> I am using a safenet client on a windows XP system to connect out to a
> remote netscreen endpoint. It gets a connection but cannot pass any
> traffic.

I have a SafeNet SoftRemote client running on a Win XP notebook behind my m0n0wall at home, too. It connects to a ZyWALL and works flawlessly. You may have to allow fragments in your default LAN -> any rule, though.

HTH,

Manuel