I have forwarded all ports/esp (AH doesn't work behind NAT!)!!

-----Original Message-----
From: Falcor [mailto:falcor at netassassin dot com]
Sent: 20 March 2004 16:50
To: Ronni Jorgensen
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] VPN ipsec m0n0 to m0n0

You need to forward ESP to the m0n0wall. UDP/TCP/ICMP are not needed as the tunnel will be negotiated and established over ESP. (You can change this to AH if you want to.)

Ronni Jorgensen wrote:

>Hi all
>I have 2 m0n0walls, one with a static IP on the WAN port, and a second
>m0n0 behind a NAT router (also a static IP!)
>
>---LAN---m0n0----WAN-------INTERNET-------WAN-----ROUTER----NAT----WAN----m0n0wall---LAN
>
>192.168.2.0/24----m0n0---80.122.254.21-----INTERNET-----212.242.22.21---ROUTER---10.0.0.0/24----m0n0wall---172.16.10.0
>
>I have forwarded all ports udp/tcp/icmp to the m0n0wall's WAN ip (10.0.0.2).
>But when I configured an Ipsec connection between the 2 m0n0walls it's
>going bad! On the m0n0wall behind the NAT I get:
>
>racoon: ERROR: isakmp.c:1776:isakmp_chkph1there(): phase2 negotiation failed due to time up waiting for phase1. ESP 80.122.254.21->10.0.0.2
>- in the logfile. And 10.0.0.2 is not the wan ip! So how can I get it
>working?
>I also have tried to change the interface ("Select the interface
>for the local endpoint of this tunnel.") in the ipsec, to my LAN, but
>then the logfile is changing to 80.122.254.21->172.16.10.1 (my lan ip)
>
>Please help!