Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 1 subscriber
  • Views 920 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ASL-ASL 2.0 VPN Problem

Michael Siegle
I'm having a problem getting packets to go from Locarno to Weatherby through my VPN and vice versa. I'm able to ping the external interfaces, however if I try to ping the internal interface to any machines behind the firewalls I don't get a response. I've set it up according to the manual, but no luck. The tunnel appears to be up. 

In the routing table I noticed the network on the otherside is pointed to my default gateway. Shouldn't this be pointed to the external interface on the other ASL, if so how do I change that? Any help would be greatly appreciated!

Michael Siegle

Locarno:

Definitions-
External_Int 65.XX.143.39 255.255.255.255
Internal_Net 192.168.1.0 255.255.255.0
Weatherby 65.XX.23.63 255.255.255.255 
Weatherby_Net 192.168.0.0 255.255.255.0

Rules-
Internal_Net Any Weatherby_Net Allow
Internal_Net Any Any Allow

Kernel IP routing table-
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.6.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 ipsec0
192.168.0.0     65.XX.142.1     255.255.255.0   UG    0      0        0 ipsec1
65.XX.142.0     0.0.0.0         255.255.254.0   U     0      0        0 eth1
65.XX.142.0     0.0.0.0         255.255.254.0   U     0      0        0 ipsec1
0.0.0.0         65.XX.142.1     0.0.0.0         UG    0      0        0 eth1


Weatherby:

Definitions-
External_Int 65.XX.23.63 255.255.255.255  
Internal_Net 192.168.0.0 255.255.255.0
Locarno 65.XX.143.39 255.255.255.255
Locarno_Net 192.168.1.0 255.255.255.0 

Rules-
Internal_Net Any Any Allow
Internal_Net Any Locarno_Net Allow

Kernel IP routing table-
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     65.XX.20.1      255.255.255.0   UG    0      0        0 ipsec1
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 ipsec0
65.XX.20.0      0.0.0.0         255.255.252.0   U     0      0        0 eth1
65.XX.20.0      0.0.0.0         255.255.252.0   U     0      0        0 ipsec1
0.0.0.0         65.XX.20.1      0.0.0.0         UG    0      0        0 eth1


This thread was automatically locked due to age.
  • 0
    Hi Michael Siegle, 

    well everyting looks great, your configuration seems to be correct, the packetfilter rules are ok.

    The default gateway as gateway for the oposite internal network is also ok.

    What does WebAdmin > VPN > IPSEC Livelog tell you ? Any Routing or STATUS information?

    Are there any packetfilter violations shown in WebAdmin > Packet Filter > LiveLog ???

    Have you tried to ping from one internal side to the other.

    Pinging the firewalls internal interface from the other firewall is not the same.

    Can you please check that ?

    Well i am curious what the problem is, 
    looking forward to your anwsers

    Kind Regards
    Gert
Unfiltered HTML