 From:  "Andreas Grote" <andreas at grote dot se>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  IPSEC m0n0wall to Cisco
 Date:  Thu, 18 May 2006 15:26:17 +0200
Hi,
I've set up an IPsec tunnel between two sites using m0n0wall V1.21 (my end)
and a Cisco firewall.

The two LANs connected are 192.168.159.0/24 and 160.160.0.0/16 using
m0n0wall gateway 213.115.X.Y and Cisco endpoint 213.179.X.Y

When I look at the log I seem to get the tunnels connected and I can ping
and also connect using telnet. 

May 17 06:56:47 m0n0wall racoon: INFO: @(#)ipsec-tools 0.6.4 (http://ipsec-tools.sourceforge.net)
May 17 06:56:47 m0n0wall racoon: INFO: @(#)This product linked OpenSSL 0.9.7d-p1 17 Mar 2004 (http://www.openssl.org/)
May 17 06:56:47 m0n0wall racoon: INFO: 127.0.0.1[500] used as isakmp port (fd=7)
May 17 06:56:47 m0n0wall racoon: INFO: 192.168.2.1[500] used as isakmp port (fd=8)
May 17 06:56:47 m0n0wall racoon: INFO: 192.168.159.180[500] used as isakmp port (fd=9)
May 17 06:56:47 m0n0wall racoon: INFO: 213.115.X.Y[500] used as isakmp port (fd=10)
May 17 06:57:22 m0n0wall racoon: INFO: IPsec-SA request for 213.179.X.Y queued due to no phase1 found.
May 17 06:57:22 m0n0wall racoon: INFO: initiate new phase 1 negotiation: 213.115.X.Y[500]<=>213.179.X.Y[500]
May 17 06:57:22 m0n0wall racoon: INFO: begin Identity Protection mode.
May 17 06:57:23 m0n0wall racoon: INFO: received Vendor ID: CISCO-UNITY
May 17 06:57:23 m0n0wall racoon: INFO: received Vendor ID: DPD
May 17 06:57:23 m0n0wall racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
May 17 06:57:23 m0n0wall racoon: INFO: ISAKMP-SA established 213.115.X.Y[500]-213.179.X.Y[500] spi:d833e50d52b4ca35:5200825a44cd8831
May 17 06:57:24 m0n0wall racoon: INFO: initiate new phase 2 negotiation: 213.115.X.Y[0]<=>213.179.X.Y[0]
May 17 06:57:24 m0n0wall /kernel: WARNING: pseudo-random number generator used for IPsec processing
May 17 06:57:24 m0n0wall racoon: WARNING: ignore RESPONDER-LIFETIME notification.
May 17 06:57:24 m0n0wall racoon: WARNING: attribute has been modified.
May 17 06:57:24 m0n0wall racoon: INFO: IPsec-SA established: ESP/Tunnel 213.179.X.Y[0]->213.115.X.Y[0] spi=179657441(0xab55ae1)
May 17 06:57:24 m0n0wall racoon: INFO: IPsec-SA established: ESP/Tunnel 213.115.X.Y[0]->213.179.X.Y[0] spi=2345433523(0x8bcc79b3)


The problem starts when I try to connect to the web server on the remote site
or at least try to communicate with larger packets.
I just get a timeout in the web browser saying the page cannot be
displayed.
What could be wrong?


Andy