 From:  "RP Smith" <rpsmith at hotmail dot com>
 To:  dfitts at asl dot lib dot ar dot us, m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] Simple Setup for Site to Site IPsec. Help what am I forgetting
 Date:  Mon, 09 Jan 2006 14:35:40 -0600
I'm not sure, but I think your remote subnets should all end in "n.n.n.0/24".

Also, I think the phase 1 lifetime should be larger than the phase 2 
lifetime. I use 86400 for phase one and 43200 for phase 2.

Roy...

----Original Message Follows----
From: "Darrell L. Fitts" <dfitts at asl dot lib dot ar dot us>
To: <m0n0wall at lists dot m0n0 dot ch>
Subject: [m0n0wall] Simple Setup for Site to Site IPsec. Help what am I forgetting
Date: Mon, 9 Jan 2006 10:09:22 -0600

I have 2 m0n0wall firewalls. I need both LANs to talk to each other. I'm
unable to ping anything behind the firewall from the other network.

Do I need to set a Static route or something? I don't know what else to
try. Thanks for reading.
I opened up a Firewall Rule to let ESP protocols come in from each
firewall.
When I look under Diagnostics: IPsec, SPD tab on both firewalls, it has

Site1

Source            Destination       Direction   Protocol   Tunnel endpoints
192.168.2.1/24    192.168.1.0/24    -->         ESP        208.180.xyz.xyz - 150.208.abc.abc
192.168.1.0/24    192.168.2.1/24    -->         ESP        150.208.abc.abc - 208.180.xyz.xyz

Site2

Source            Destination       Direction   Protocol   Tunnel endpoints
192.168.1.1/24    192.168.2.0/24    -->         ESP        150.208.abc.abc - 208.180.xyz.xyz
192.168.2.0/24    192.168.1.1/24    -->         ESP        208.180.xyz.xyz - 150.208.abc.abc

Site1 info

LAN Network 192.168.1.1/24
LAN interface 192.168.1.1
WAN 150.208.abc.abc

Site 2 info

LAN Network 192.168.2.1/24
LAN interface 192.168.1.1
WAN 208.180.xyz.xyz

Site 1 IPsec Configurations

Interface WAN
Remote subnet 192.168.1.1/24
Remote Gateway 150.208.abc.abc

Phase 1:
Aggressive
Blowfish
SHA1
DH Key = 2
Lifetime = 28000
Pre-shared key
Pre-shared key = abc12345

Phase 2:
Protocol = ESP
Encryption = Blowfish
Hash = SHA1
PFS key = 2
Lifetime = 86400

Site 2 IPsec Configurations

Interface WAN
Remote subnet 192.168.2.1/24
Remote Gateway 208.180.xyz.xyz

Phase 1:
Aggressive
Blowfish
SHA1
DH Key = 2
Lifetime = 28000
Pre-shared key
Pre-shared key = abc12345

Phase 2:
Protocol = ESP
Encryption = Blowfish
Hash = SHA1
PFS key = 2
Lifetime = 86400

Darrell Fitts
System Administrator
Arkansas State Library
501-682-1849
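The two points Roy raises (remote subnets written with host bits set, and a phase 1 lifetime shorter than phase 2) are the kind of thing a small consistency check catches before a tunnel is brought up. The script below is an added example, not code from the thread or from m0n0wall. It models each firewall with the fields from the quoted IPsec pages, normalizes the subnets, checks that each side's remote subnet and remote gateway are really the peer's LAN and WAN, applies the lifetime ordering the reply recommends, and prints the SPD entries that Diagnostics: IPsec should show once the configuration is consistent. Assumptions: the "Site 1 IPsec Configurations" block is read as the tunnel entry that points at Site 1 (that is, the one entered on Site 2) and vice versa, and the masked WAN addresses are replaced with RFC 5737 documentation placeholders.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Site:
    """One m0n0wall endpoint plus the tunnel entry configured on it.
    Field names follow the m0n0wall pages quoted in the thread."""
    name: str
    lan_network: str       # "LAN Network" as typed, e.g. "192.168.1.1/24"
    wan_address: str       # WAN address, the tunnel endpoint
    remote_subnet: str     # tunnel "Remote subnet"
    remote_gateway: str    # tunnel "Remote Gateway"
    p1_lifetime: int       # phase 1 lifetime in seconds
    p2_lifetime: int       # phase 2 lifetime in seconds


def normalize_network(cidr):
    """Return (network, host_bits_set). '192.168.2.1/24' -> (192.168.2.0/24, True)."""
    try:
        return ipaddress.ip_network(cidr, strict=True), False
    except ValueError:  # strict parsing rejects a network with host bits set
        return ipaddress.ip_network(cidr, strict=False), True


def check_side(local, peer):
    """Findings for the tunnel entry configured on `local` that points at `peer`."""
    findings = []
    remote_net, host_bits = normalize_network(local.remote_subnet)
    peer_lan, _ = normalize_network(peer.lan_network)
    local_lan, _ = normalize_network(local.lan_network)
    if host_bits:
        findings.append(f"{local.name}: remote subnet {local.remote_subnet} has host bits set; "
                        f"write it as {remote_net}")
    if remote_net != peer_lan:
        findings.append(f"{local.name}: remote subnet {remote_net} is not {peer.name}'s LAN {peer_lan}")
    if ipaddress.ip_address(local.remote_gateway) != ipaddress.ip_address(peer.wan_address):
        findings.append(f"{local.name}: remote gateway {local.remote_gateway} is not "
                        f"{peer.name}'s WAN {peer.wan_address}")
    if local_lan.overlaps(peer_lan):
        findings.append(f"{local.name}: LAN {local_lan} overlaps {peer.name}'s LAN {peer_lan}; "
                        f"such traffic is never routed into the tunnel")
    # Ordering the reply recommends: the phase 1 SA outlives the phase 2 SAs it protects.
    if local.p1_lifetime <= local.p2_lifetime:
        findings.append(f"{local.name}: phase 1 lifetime {local.p1_lifetime} should exceed "
                        f"phase 2 lifetime {local.p2_lifetime}")
    return findings


def check_tunnel(a, b):
    """Check both directions of a site-to-site tunnel between a and b."""
    return check_side(a, b) + check_side(b, a)


def expected_spd(local):
    """The two SPD entries (src, dst, direction, endpoint, endpoint) that
    Diagnostics: IPsec should list on `local` for a consistent configuration."""
    local_lan, _ = normalize_network(local.lan_network)
    remote_net, _ = normalize_network(local.remote_subnet)
    return [
        (str(local_lan), str(remote_net), "out", local.wan_address, local.remote_gateway),
        (str(remote_net), str(local_lan), "in", local.remote_gateway, local.wan_address),
    ]


# Constructed sample following the thread. The WAN addresses are RFC 5737
# documentation placeholders standing in for 150.208.abc.abc and 208.180.xyz.xyz.
SITE1_WAN = "198.51.100.10"
SITE2_WAN = "203.0.113.20"

# As posted: subnets typed with host bits, phase 1 = 28000 s, phase 2 = 86400 s.
SITE1 = Site("Site1", "192.168.1.1/24", SITE1_WAN, "192.168.2.1/24", SITE2_WAN, 28000, 86400)
SITE2 = Site("Site2", "192.168.2.1/24", SITE2_WAN, "192.168.1.1/24", SITE1_WAN, 28000, 86400)

# Same sites with the reply's suggestions applied (n.n.n.0/24, 86400 / 43200).
SITE1_FIXED = Site("Site1", "192.168.1.0/24", SITE1_WAN, "192.168.2.0/24", SITE2_WAN, 86400, 43200)
SITE2_FIXED = Site("Site2", "192.168.2.0/24", SITE2_WAN, "192.168.1.0/24", SITE1_WAN, 86400, 43200)

if __name__ == "__main__":
    for finding in check_tunnel(SITE1, SITE2):
        print("as posted:", finding)
    print("after fix:", check_tunnel(SITE1_FIXED, SITE2_FIXED))
    for entry in expected_spd(SITE1_FIXED):
        print("Site1 SPD:", entry)
```

Run as posted, the checker reports the host-bit problem and the lifetime ordering on both sides and nothing else, which matches the reply; after the two changes it reports nothing, and the expected SPD shows the clean 192.168.1.0/24 <-> 192.168.2.0/24 pair that the quoted Diagnostics output mixes with the .1/24 forms.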