 
 From:  "Jason J. Ellingson" <jason at ellingson dot com>
 To:  "'Gerry Weaver'" <gerryw at ctwa dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] IPSec Help!!!
 Date:  Thu, 14 Oct 2004 21:17:43 -0500
Box 1 (firewall.domain1.com):
=============================
Tunnels tab...
Edit tunnel...

Mode: Tunnel
Disabled: unchecked
Auto-establish: unchecked
Interface: WAN
Local subnet: LAN subnet
Remote Subnet: 192.168.4.0 / 24
Remote Gateway: <Box 2's WAN IP>
Description: domain2.net
Negotiation mode: aggressive
My identifier: Domain name | firewall.domain1.com
Encryption algorithm: Blowfish
Hash algorithm: SHA1
DH key group: 2
Lifetime: 28800
Pre-Shared Key: HelloFromBox1
Protocol: ESP
Encryption algorithms: only Blowfish checked
Hash algorithms: only SHA1 checked
PFS key group: 2
Lifetime: 86400
--
Pre-shared key tab...
Edit key...

Identifier: firewall.domain2.net
Pre-shared key: HiFromBox2
------------------------------------------------------------
Box 2 (firewall.domain2.net):
=============================
Tunnels tab...
Edit tunnel...

Mode: Tunnel
Disabled: unchecked
Auto-establish: unchecked
Interface: WAN
Local subnet: LAN subnet
Remote Subnet: 192.168.1.0 / 24
Remote Gateway: <Box 1's WAN IP>
Description: domain1.com
Negotiation mode: aggressive
My identifier: Domain name | firewall.domain2.net
Encryption algorithm: Blowfish
Hash algorithm: SHA1
DH key group: 2
Lifetime: 28800
Pre-Shared Key: HiFromBox2
Protocol: ESP
Encryption algorithms: only Blowfish checked
Hash algorithms: only SHA1 checked
PFS key group: 2
Lifetime: 86400
--
Pre-shared key tab...
Edit key...

Identifier: firewall.domain1.com
Pre-shared key: HelloFromBox1
------------------------------------------------------------
Does this help everyone out?
------------------------------------------------------------
Jason J Ellingson
Technical Consultant

615.301.1682 : nashville
612.605.1132 : minneapolis

www.ellingson.com
jason at ellingson dot com

-----Original Message-----
From: Gerry Weaver [mailto:gerryw at ctwa dot com] 
Sent: Thursday, October 14, 2004 8:39 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] IPSec Help!!!

Hello All,

I am trying to create an IPSEC VPN between two net4511's. I have read 
the user guide as well as the list archive. I have checked and rechecked 
the IPSec settings between the two boxes and they are identical. I am 
completely out of ideas. Would someone be so kind as to point me in the 
right direction?  Any help would be much appreciated.

Thanks in advance,
Gerry

The system log shows "failed to get sainfo" and "failed to preprocess 
packet".

My Config:

(2) Net4511
M0n0wall 1.1
Each box has a public WAN address
Box 1 network: 192.168.1.0/24
Box 2 network: 192.168.4.0/24

IPSec Settings

WAN
LAN Subnet
192.168.1.0/24
xx.xx.xx.xx
Test-1
Aggressive
My IP Address
Blowfish
MD5
2
28800
vpn-test-secret
ESP
Blowfish
MD5
2
43200
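
Added example, not part of either e-mail and not m0n0wall code: a small consistency check over the two tunnel definitions from the reply above, confirming that the phase 1 and phase 2 proposals match and that each box's remote subnet is the other box's LAN. The dictionary keys, `check_pair`, and the `BROKEN` case are constructed for illustration; the values come from the Box 1 and Box 2 listings.

```python
import ipaddress

# Settings that must be the same on both ends (keys are hypothetical, modelled on the GUI labels).
MUST_MATCH = ["Negotiation mode", "P1 encryption", "P1 hash", "DH key group", "P1 lifetime",
              "Protocol", "P2 encryption", "P2 hash", "PFS key group", "P2 lifetime"]

def net(text):
    # The GUI listing writes "192.168.4.0 / 24"; drop the spaces before parsing.
    return ipaddress.ip_network(text.replace(" ", ""))

def check_pair(a, b):
    """Return a list of mismatches between two tunnel definitions (empty list = consistent)."""
    problems = []
    for field in MUST_MATCH:
        if a[field] != b[field]:
            problems.append(f"{field}: {a[field]!r} vs {b[field]!r}")
    # Subnets are NOT identical on both ends: they mirror each other.
    for x, y in ((a, b), (b, a)):
        if net(x["Remote subnet"]) != net(y["LAN"]):
            problems.append(f"{x['name']} remote subnet {net(x['Remote subnet'])} "
                            f"is not {y['name']}'s LAN {net(y['LAN'])}")
    return problems

BOX1 = {
    "name": "Box 1", "LAN": "192.168.1.0/24", "Remote subnet": "192.168.4.0 / 24",
    "Negotiation mode": "aggressive", "P1 encryption": "Blowfish", "P1 hash": "SHA1",
    "DH key group": 2, "P1 lifetime": 28800, "Protocol": "ESP",
    "P2 encryption": ["Blowfish"], "P2 hash": ["SHA1"], "PFS key group": 2,
    "P2 lifetime": 86400,
}
# Box 2 differs from Box 1 only in its own LAN and in the remote subnet it points at.
BOX2 = dict(BOX1, name="Box 2", LAN="192.168.4.0/24", **{"Remote subnet": "192.168.1.0 / 24"})

# Constructed failure case: the remote subnet was copied verbatim from Box 1,
# so Box 2 ends up pointing at its own LAN.
BROKEN = dict(BOX2, **{"Remote subnet": BOX1["Remote subnet"]})

if __name__ == "__main__":
    for label, pair in (("reply config", (BOX1, BOX2)), ("copied subnet", (BOX1, BROKEN))):
        issues = check_pair(*pair)
        print(label, "->", "consistent" if not issues else issues)
```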


