Hi All,

I have 2 monowalls set up in a test environment and am trying to bring up an IPSEC tunnel between them. However, it does seem to be working and they do not show up in SAD under the IPSEC DIAG. page.

Before I illustrate the architecture I'd like to add that I can ping each WAN IP address from each monowall, but I can only ping their respective LAN address and test LAN hosts intermittently. When it does NOT work, I see "echoreply" deny statements on the source WAN port even though I have an ICMP permit any rule on both WAN ports. I am not sure if this issue is related to the VPN tunnel not coming up.

Here is the layout:

RH LAN: monowall
Network: 148.85.158.16/29
LAN Int: 148.85.158.17
WAN Int: 148.85.158.25 (connects to VLAN 358 148.85.158.26 /29 on Cisco 6509)

AC LAN: monowall
Network: 148.85.158.8/29
LAN int: 148.85.158.9
WAN int: 148.85.158.1 (connects to VLAN 157 148.85.158.2 /29 on Cisco 6509)

__________

RH LAN VPN Settings:

Interface: WAN
Local Subnet: LAN Subnet
Remote Subnet: 148.85.158.8 /29
Remote Gateway: 148.85.158.1
Nego. Mode: Aggressive
My ID: My IP address
Encryp. alg.: Blowfish
Hash algorithm: SHA1
DH key group: 2
Lifetime: 28800
Authentication method: Pre-shared key
Pre-Shared Key: test
Protocol: ESP
Encryption algorithms: Blowfish
Hash algorithms: SHA1
PFS key group: 2
Lifetime: 86400

AC LAN VPN Settings:

Interface: WAN
Local Subnet: LAN Subnet
Remote Subnet: 148.85.158.16 /29
Remote Gateway: 148.85.158.25
Nego. Mode: Aggressive
My ID: My IP address
Encryp. alg.: Blowfish
Hash algorithm: SHA1
DH key group: 2
Lifetime: 28800
Authentication method: Pre-shared key
Pre-Shared Key: test
Protocol: ESP
Encryption algorithms: Blowfish
Hash algorithms: SHA1
PFS key group: 2
Lifetime: 86400

__________

So that is an eyeful. I hope someone can help.

Thank you.

Brian