Hi Folks:
This was in the General Discussion area. Probably wrong spot. I have Benoit's DHCP running great. Checked the VPN How-to's but they don't cover what I'm trying to do here. Can anyone give me a quick y/n if this can be done? I'm trying a Net-to-Net with one side ASL - DHCP (@HOME) and the other ASL - Static....
Here are the details:
192.168.1.0 DHCP 199.246.74.35 10.10.10.0
IPSEC ASL Left side:
--------------------
PFS: yes
IKE: enabled
Shared Key: xxxxxxxxxxxxxxxxxxxxxxx
Local Interface: 24.114.240.66
Local Subnet: 192.168.1.0
Remote IP: 199.246.74.35
Remote Subnet: 10.10.10.0
IPSEC ASL Right Side:
---------------------
PFS: yes
IKE: enabled
Shared Key: xxxxxxxxxxxxxxxxxxxxxxxx
Local Interface: 199.246.74.35
Local Subnet: 10.10.10.0
Remote IP: Any ANY Allow
ANY Allow
Filters: Right Side:
--------------------
ANY Allow
ANY Allow
For testing I've even opened everything.
ANY ANY ANY Allow
and still nothing.
If I make one small change and alter DHCP and put a static in, it works perfectly.
Can I do a Net-to-Net config with one end being DHCP? I checked out the VPN How-to's before. These only outline Host-to-Net or Net-to-Net (Static either end).
I'm pretty sure Freeswan can do this. They seem to use %any and %defaultroute in ipsec.conf for DHCP. Can this be done in ASL?
Any ideas really appreciated. I'm actually working at a customer site.
Note: The @HOME cable modem works fine with Benoit's DHCP patch.
regards, D.Cook