Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 873 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN

Zezula Jan
Hello all,

im trying to set VPN. 

VPN status: enable
IKE Debugging: enable

VPN name: s-net

Perfect Forwarding Secrecy: yes
Secure Association: ike
Authentication method: secret
Local interface: extif
Remote IP: some host ip

with this settings asl should be accepting connections from "some host ip" right ?
but.. if i try to ping from "some host ip" to asl box.. i dont receive "echo reply" packets
in Packet filter live log i can see this packets(they are droped). Next was allowing any incominng and outgoing packets from/to "some ip host". without success.. it's still droping packets.

any sugestions ?

Thanks

Jan


This thread was automatically locked due to age.
Parents
  • 0
    Hi Jan,

    can you verify under VPN/LiveLog, if the tunnel is up and running ? (IPSEC SA established)

    And you have to add a Packet Filter rule for the traffic coming through the tunnel.
    If you want to enable ping through the tunnel, add the according packetfilter rule.

    Hop that helps
    gert
Reply
  • 0
    Hi Jan,

    can you verify under VPN/LiveLog, if the tunnel is up and running ? (IPSEC SA established)

    And you have to add a Packet Filter rule for the traffic coming through the tunnel.
    If you want to enable ping through the tunnel, add the according packetfilter rule.

    Hop that helps
    gert
Children
  • 0 in reply to Gert Hansen
    Hi Gert,

    situation looks like this:
    ping from "some host ip" to external interface of ASL - OK  i get reply

    i set VPN, clicked on SAVE a then enable it...

    ping from "some host ip" to external interface of ASL - NO asl is droping outgoing packets(echo reply) to "some host ip"

    so i added packet filter rules to allow everything from/to "some host ip"
    still not working

    Jan
  • 0 in reply to Zezula Jan
    Hi gert,

    thank you for reply...
    but i dont need it anymore, because of the cost  [:(]
    for securing 12 IP's is price to high  [:(]

    thanks

    Jan
Unfiltered HTML