hallo,
we detected some strage behavior of astaro firewall over a vpn.
1) theres no proplem to reach a host in one network from a host in the other network, but the firewall itself is unable to ping a host from the remote network.
example:
host 192.168.1.1 is able to ping host 192.168.2.1 through the vpn but the firewall 192.168.1.254 is unable to ping host 192.168.2.1.
this behavior occur vice versa too!
in my opinion this is a local routing problem (device!)
this behavior prevents logging to a central site without bouncing
2) we recognized also that the firewall is killing the vpn routes if you've changed a route remotly with the web-interface over the vpn.
this happens even bye adding a route.
the firewall itself is responding requests over the internet, and from the internal network, but the vpn-tunnel is definitely down.
maybe the script ist just rebuilding the routing-table and forget to restart ipsec also.
maybe there's already a solution out there...
my best regards
-1
*UPDATE* 27-11-2001
thanx to astaro for the "debug-session" yesterday evening. the problem that the ASL itself wasn't able to ping hosts from the other network over the vpn although it connects both networks, was solved.
a simple second vpn-tunnel just between two ASL and a DNAT-rule enables the possibility for centralizing the log-file-collection. thanx for all.
the other problem, that the ASL restore more then the default-routes after some changes @ the routing-table by accessing the web-interface trhough the VPN, seems to be a bug in the middleware. hope this is fixed in further releases of ASL.
thx again
-1
[ 27 November 2001: Message edited by: minuseins ]
This thread was automatically locked due to age.
Guest User!
You are not Sophos Staff.
