the two ends of the tunnel need to be able to see one another under
normal conditions. So 10.x.x.x is not accessible to the internet.
Your tunnel should resemble this (using your diagram as a base)
(10.200.0.0/24) <----> (10.200.0.1)IPSEC-Server(Internet Address) <----
IPSEC Tunnel ---->(Internet
Local IP and local IP range are what ever you want that matches the
"local subnet" type that you set when building the tunnel E.g. this can
be an OPT network, the LAN, your wifi, etc.
1.) If either end of the tunnel has the same (or can local rout to the
same) network segment as the other end uses, you may not get your
packets where you want them. Either write a NAT rule, or renumber one
of the networks.
2.) Make sure you have your shared keys correct, if this is a site to
site (many-many) IPSEC tunnel then you can forego the "pre-shared keys" tab.
3.) Only select the encryption algorithms that will be used on both
ends. Adding extra protocols slows down and may cause the tunnel to fail.
4.) If it doesn't work consult the log on the m0n0wall to see why.
(Remember Cisco uses a proprietary Auth system and will not work with
much less then another Cisco firewall.)
You will also need to add a rule on the WAN interface allowing ESP from
the IP address of the IPSEC-Server in the diagram.
>I don't understand the ipsec-setup. I have this situation
>I want to connect an opt-network to an external ipsec-Server.
>(10.200.0.0/24) <-> ipsec-Server (10.200.0.1) <-> Internet <-> m0n0wall (WAN)
>I added a new NIC (OPT4), on that NIC 5 Clients are connected. This
>clients should be part of the external network (10.200.0.0/24) behind the
>ipsec-Server (Win2003Server, I have no admin-rights for that).
>How do have to configure the OPT4-Device and ipsec at m0n0wall?