I'm not familiar with Netscreen ... I'd say try unique FQDNs for each tunnel ... beyond that I'd have no idea besides double checking the IPs for local/remote to make sure they are going the right direction ...

David Z

----- Original Message -----
From: "Kenman Wong" <kenman dot wong at iaspec dot com>
To: <m0n0wall at lists dot m0n0 dot ch>
Sent: Thursday, March 02, 2006 8:45 PM
Subject: Re: [m0n0wall] Hub-And-Spoke VPN

> Hi,
>
> I've just started reading this post and I am asked to configure a
> hub-spoke VPN for our offices. We have 3 office locations, with the central
> office having a static IP and the two branch offices using dynamic IPs.
>
> Hub LAN : 10.1.x.x
> Spoke #1 LAN : 10.11.x.x
> Spoke #2 LAN : 10.21.x.x
>
> I only use M0n0wall on the two Spokes while the Hub is a Netscreen 100
> device. I can get both MW's and the NS-100 to connect an IPsec tunnel
> between each other. Once I create and start the second set of tunnels to
> route traffic from Spoke #1 to Spoke #2, both tunnels will close and they
> fail Phase 1 negotiation. My NS-100 tells me about not finding the correct
> Phase 1 scheme. My guess is NS-100 gets confused about which tunnel it is
> negotiating with.
>
> So if we do the second set of tunnels, do we create a tunnel with an
> entirely different Pre-shared key/secret? How about the My Identifier? I
> use "User FQDN" followed by an email address on the MW's with Aggressive
> negotiation. Must the second set of tunnels use a different "User
> FQDN"?
>
> cheers,
> Kenman
>
> Dan Firac wrote:
>> Hello all,
>>
>> Can m0n0wall be configured for a Hub-And-Spoke VPN with communication
>> between spokes?
>>
>> TIA,
>> Dan.