[ previous ] [ next ] [ threads ]
 From:  "Scott Pettit" <scott at pettit dot co dot nz>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Cisco 857 and m0n0wall IPSec
 Date:  Fri, 13 Apr 2007 19:28:39 -0400
I had ip route dialer0 so it should have routed
everything there anyhow.

In the end I gave up and put the old m0n0 along side the Cisco as I
really needed to get things going ASAP, with a static route on the Cisco
to send all traffic destined for to the m0n0's LAN
interface instead.

This works, but it would be nice to have a single device.


> -----Original Message-----
> From: krt [mailto:kkrrtt at gmail dot com]
> Sent: Saturday, 14 April 2007 10:55 a.m.
> To: m0n0wall; Scott Pettit
> Subject: Re: [m0n0wall] Cisco 857 and m0n0wall IPSec
> Guessing the problem:
> The Kumeu side needs to route the packets for out the
> interface that your crypto map is applied to, i.e. Dialer0:
> ip route dialer0
> Nit picking:
> The encryption domains don't need to be like that - they only apply
> outbound traffic.  In other words:
> ip access-list extended ALBANY-VPN
>   permit ip
>   deny   ip any any
> basically:
> "permit <protocol> <local network> <remote network>"
> Awareness:
> The mtu on Dialer0 should be around 1420