[ previous ] [ next ] [ threads ]
 
 From:  Falcor <falcor at netassassin dot com>
 To:  Ronni Jorgensen <rhj underscore mail at rhj dot dk>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] VPN ipsec m0n0 to m0n0
 Date:  Sat, 20 Mar 2004 09:50:09 -0600 
you need to forward ESP to the m0n0wall.  UDP/TCP/ICMP are not needed as 
the tunnel will be negociated and established over ESP.  (You can change 
this to AH if you want to.)


Ronni Jorgensen wrote:

>Hi all
>I have 2 m0n0walls, one with a static IP on the WAN port, and a secound m0n0
>bihind a NAT router (also a static IP!)
>---LAN---m0n0----WAN-------INTERNET-------WAN-----ROUTER----NAT----WAN----m0
>n0wall---LAN
>
>192.168.2.0/24----m0n0---80.122.254.21-----INTERNET-----212.242.22.21---ROUT
>ER---10.0.0.0/24----m0n0wall---172.16.10.0
>
>I have forwardet all ports udp/tcp/icmp to the m0n0wall's WAN ip (10.0.0.2).
>But when I configured a Ipsec connection betwin the 2 m0n0walls it's going
>bad! On the m0n0wall behind the NAT I get: 
>
>åØåracoon: ERROR: isakmp.c:1776:isakmp_chkph1there(): phase2 negotiation
>failed due to time up waiting for phase1. ESP 80.122.254.21->10.0.0.2
>- in the logfile. And 10.0.0.2 i not the wan ip! So how can I get it
>working?
>I olso have triede to change the the interface (åØåSelect the interface for
>the local endpoint of this tunnel.) in the ipsec, to my LAN, but then the
>logfile i changing to 80.122.254.21->172.16.10.1 (my lan ip)
>
>Please help!
>
>  
>