Well that fixed it. It just took a second pair of eyes to see something I should have known better to do. Thanks

Darrell

-----Original Message-----
From: RP Smith [mailto:rpsmith at hotmail dot com]
Sent: Monday, January 09, 2006 2:36 PM
To: Darrell L. Fitts; m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] Simple Setup for Site to Site IPsec. Help what am I forgetting

I'm not sure but I think your remote subnets should all end in "n.n.n.0/24"

Also, I think the phase 1 lifetime should be larger than the phase 2 lifetime. I use 86400 for phase one and 43200 for phase 2.

Roy...

----Original Message Follows----
From: "Darrell L. Fitts" <dfitts at asl dot lib dot ar dot us>
To: <m0n0wall at lists dot m0n0 dot ch>
Subject: [m0n0wall] Simple Setup for Site to Site IPsec. Help what am I forgetting
Date: Mon, 9 Jan 2006 10:09:22 -0600

I have 2 m0n0wall firewalls. I need both LANs to talk to each other. I'm unable to ping anything behind the firewall from the other network. Do I need to set a Static route or something? I don't know what else to try. Thanks for reading.

I opened up a Firewall Rule to let ESP protocols come in from each firewall.

When I look under Diagnostics: IPsec, SPD tab on both firewalls, it has

Site1
Source           Destination      Direction  Protocol  Tunnel endpoints
192.168.2.1/24   192.168.1.0/24   -->        ESP       208.180.xyz.xyz-150.208.abc.abc
192.168.1.0/24   192.168.2.1/24   -->        ESP       150.208.abc.abc-208.180.xyz.xyz

Site2
Source           Destination      Direction  Protocol  Tunnel endpoints
192.168.1.1/24   192.168.2.0/24   -->        ESP       150.208.abc.abc-208.180.xyz.xyz
192.168.2.0/24   192.168.1.1/24   -->        ESP       208.180.xyz.xyz-150.208.abc.abc

Site1 info
LAN Network    192.168.1.1/24
LAN interface  192.168.1.1
WAN            150.208.abc.abc

Site 2 info
LAN Network    192.168.2.1/24
LAN interface  192.168.1.1
WAN            208.180.xyz.xyz

Site 1 IPsec Configurations
Interface       WAN
Remote subnet   192.168.1.1/24
Remote Gateway  150.208.abc.abc
Aggressive
Blowfish
SHA1
DH Key = 2
Lifetime = 28000
Pre-shared key
Pre-shared key = abc12345

Protocol=ESP
Encryption=Blowfish
Hash= SHA1
PFS key = 2
Lifetime = 86400

Site 2 IPsec Configurations
Interface       WAN
Remote subnet   192.168.2.1/24
Remote Gateway  208.180.xyz.xyz
Aggressive
Blowfish
SHA1
DH Key = 2
Lifetime = 28000
Pre-shared key
Pre-shared key = abc12345

Protocol=ESP
Encryption=Blowfish
Hash= SHA1
PFS key = 2
Lifetime = 86400

Darrell Fitts
System Administrator
Arkansas State Library
501-682-1849
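The two points Roy raises (remote subnets entered as a host address such as 192.168.2.1/24 instead of the network address 192.168.2.0/24, and a phase 1 lifetime shorter than the phase 2 lifetime) are both easy to catch before the tunnel is ever brought up. The script below is an added example written for this page; it is not m0n0wall code and not from anyone in the thread. `normalize_subnet`, `check_tunnel` and the site dictionaries are hypothetical names, and the sample values are constructed from the settings Darrell posted, with the WAN addresses left out because the thread masks them.

```python
import ipaddress


def normalize_subnet(cidr):
    """Return (network_in_cidr, host_bits_set).

    ipaddress.ip_interface accepts a host-style entry such as 192.168.2.1/24
    and yields the covering network 192.168.2.0/24. host_bits_set is True
    when the entry named a host rather than the network, which is the
    notation problem Roy points at in the thread.
    """
    iface = ipaddress.ip_interface(cidr)
    net = iface.network
    return str(net), iface.ip != net.network_address


def check_tunnel(site_a, site_b):
    """Return a list of findings for one site-to-site IPsec pair.

    Each site is a dict with: name, local_subnet, remote_subnet,
    p1_lifetime, p2_lifetime (lifetimes in seconds). An empty list means
    nothing looked wrong.
    """
    findings = []
    for site in (site_a, site_b):
        net, host_bits = normalize_subnet(site["remote_subnet"])
        if host_bits:
            findings.append(
                f"{site['name']}: remote subnet {site['remote_subnet']} has host "
                f"bits set; enter the network address {net}"
            )
        # Roy's rule of thumb: the phase 1 (IKE) SA should outlive the
        # phase 2 (ESP) SA, so phase 2 rekeys happen under a live IKE SA.
        if site["p1_lifetime"] <= site["p2_lifetime"]:
            findings.append(
                f"{site['name']}: phase 1 lifetime {site['p1_lifetime']} is not "
                f"larger than phase 2 lifetime {site['p2_lifetime']}"
            )
    # The remote subnet on one side must be the other side's LAN network,
    # compared after normalisation so 192.168.2.1/24 still matches 192.168.2.0/24.
    for here, there in ((site_a, site_b), (site_b, site_a)):
        want, _ = normalize_subnet(there["local_subnet"])
        got, _ = normalize_subnet(here["remote_subnet"])
        if want != got:
            findings.append(
                f"{here['name']}: remote subnet {got} does not match "
                f"{there['name']} LAN {want}"
            )
    return findings


# Constructed sample input, using the subnets and lifetimes from the thread.
SITE1_AS_POSTED = {
    "name": "Site1",
    "local_subnet": "192.168.1.0/24",
    "remote_subnet": "192.168.2.1/24",
    "p1_lifetime": 28000,
    "p2_lifetime": 86400,
}
SITE2_AS_POSTED = {
    "name": "Site2",
    "local_subnet": "192.168.2.0/24",
    "remote_subnet": "192.168.1.1/24",
    "p1_lifetime": 28000,
    "p2_lifetime": 86400,
}

# The same pair with Roy's corrections applied (network addresses, and the
# 86400 / 43200 lifetimes he says he uses).
SITE1_FIXED = dict(SITE1_AS_POSTED, remote_subnet="192.168.2.0/24",
                   p1_lifetime=86400, p2_lifetime=43200)
SITE2_FIXED = dict(SITE2_AS_POSTED, remote_subnet="192.168.1.0/24",
                   p1_lifetime=86400, p2_lifetime=43200)


if __name__ == "__main__":
    for label, a, b in (("as posted", SITE1_AS_POSTED, SITE2_AS_POSTED),
                        ("fixed", SITE1_FIXED, SITE2_FIXED)):
        print(f"== {label} ==")
        for line in check_tunnel(a, b) or ["no findings"]:
            print(" -", line)
```

Run as posted, the check reports two findings per site (host bits set in the remote subnet, and phase 1 lifetime not larger than phase 2); the fixed pair reports nothing. The mirror check is the one that would have caught a deeper mistake, such as a site whose remote subnet is its own LAN, which the SPD entries in the thread would otherwise only reveal by the absence of traffic.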