Hi everybody!
I have a difficult problem and it is about VPN Site to Site but most of all Routing, NAT, Masquerading.
First of all I'm using ASL 4.022.
I have a client which makes his firewalls with Linux, FreeS/Wan and iptables by himself. This client told me the requirements which are as follows. The client as a Headquarter with multiple subbranches so he choose 172.30.0.0/15 as my remote endpoint for the VPN Tunnel. My local net is 10.212.0.0/16. So he doesn't need to route my LAN in all his subbranches he asked me to have 172.30.128.0/24 as my local endpoint for the Tunnel and additionaly to set up a snat rule from my local net (10.212.0.0/16) to lets say 172.30.128.1.
So well, the tunnel worked fine, that's the reason why I'm posting here.
The point is, that my packages where not routed to the tunnel and I don't have a clue why. When I made a tcpdump on my internal nic, the traffic came in, but never ended up in the tunnel (no traffic on ipsec0 nor esp packages on external nic). So my client tells me for this to work, I need to give my internal nic an alias which is in the local endpoint subnet, so I gave it 172.30.128.1. But still it didn't work?????
Has anybody had something like that before, does anybody know a solution for that and is it even possible?
Thanks in advance for all your answers and thoughts, I really appreciate it.
Henrik [:(]
This thread was automatically locked due to age.