 From:  "Andrew Cotter" <andrew dot cotter at somersetcapital dot com>
 To:  "'David Kitchens'" <spider at webweaver dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Multiple IPSEC tunnels between two endpoints
 Date:  Fri, 6 Mar 2009 22:38:12 -0500
OK, here are my settings.  Maybe with all of the info someone will catch
something I am doing wrong here.  With tunnel A working while tunnel B is
shut off or vice versa, I am at a loss.

M0n0wall #1 (v1.235)
  IPSEC for LAN	
	Interface: WAN
	Local subnet 
		Type: LAN Subnet
	Remote subnet: 10.1.0.0/17
	Remote gateway: {public IP of m0n0#2) 	

	Phase 1 proposal (Authentication)
		Negotiation mode: aggressive
		My identifier: My IP address
		Encryption algorithm: Blowfish 	
		Hash algorithm: SHA1
		DH key group: 2
		Lifetime: 28800
		Authentication method: Pre-Shared Key
		Pre-Shared Key: {identical-on-both-sides)
	
	Phase 2 proposal (SA/Key Exchange)
		Protocol: ESP
		Encryption algorithms: Blowfish
		Hash algorithms: SHA1
		PFS key group: 2
		Lifetime 43200

   IPSEC for iSCSI
	Interface: WAN
	Local subnet 
		Type: Network
		Address: 172.16.30.0/24
	Remote subnet: 172.16.40.0/24
	Remote gateway: {public IP of m0n0#2) 	

	Phase 1 proposal (Authentication)
		Negotiation mode: aggressive
		My identifier: --- GIVE ME A GOOD OPTION HERE---
		Encryption algorithm: 3DES
		Hash algorithm: MD5
		DH key group: 2
		Lifetime: 28800
		Authentication method: Pre-Shared Key
		Pre-Shared Key: {something-different-than-tunnel-1)
	
	Phase 2 proposal (SA/Key Exchange)
		Protocol: ESP
		Encryption algorithms: 3DES
		Hash algorithms: MD5
		PFS key group: 2
		Lifetime 43200


M0n0wall #2 (v1.235)
  IPSEC for LAN	
	Interface: WAN
	Local subnet 
		Type: LAN Subnet
	Remote subnet: 10.0.0.0/17
	Remote gateway: {public IP of m0n0#1) 	

	Phase 1 proposal (Authentication)
		Negotiation mode: aggressive
		My identifier: My IP address
		Encryption algorithm: Blowfish 	
		Hash algorithm: SHA1
		DH key group: 2
		Lifetime: 28800
		Authentication method: Pre-Shared Key
		Pre-Shared Key: {identical-on-both-sides)
	
	Phase 2 proposal (SA/Key Exchange)
		Protocol: ESP
		Encryption algorithms: Blowfish
		Hash algorithms: SHA1
		PFS key group: 2
		Lifetime 43200

   IPSEC for iSCSI
	Interface: WAN
	Local subnet 
		Type: Network
		Address: 172.16.40.0/24
	Remote subnet: 172.16.30.0/24
	Remote gateway: {public IP of m0n0#1) 	

	Phase 1 proposal (Authentication)
		Negotiation mode: aggressive
		My identifier: --- GIVE ME A GOOD OPTION HERE---
		Encryption algorithm: 3DES
		Hash algorithm: MD5
		DH key group: 2
		Lifetime: 28800
		Authentication method: Pre-Shared Key
		Pre-Shared Key: {something-different-than-tunnel-1)
	
	Phase 2 proposal (SA/Key Exchange)
		Protocol: ESP
		Encryption algorithms: 3DES
		Hash algorithms: MD5
		PFS key group: 2
		Lifetime 43200


Andrew