Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 1161 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPSEC Roadwarrior w/ Pgpnet (no IP!)

TnM
I am conducting a product analysis on ASL and encountered the following problem : 

I have read the Astato VPN Howto (from docs.astaro.org) and followed the instructions for IPSEC roadwarrior configuration with PGPnet.

I can succesfully create IKE/IPSEC SA with my ASL server when the connection is establish I can't see any IP address defined from the IPSEC pool I have created or any IP routing changes...

Client is W2K w/ PGPnet 7.0.3. Server is latest ASL stable.

  [:S]  

Anyone can think of something?

Regards,
Patrice.


This thread was automatically locked due to age.
  • 0
    I reply to myself for further help to anyone needing it :

    With IPSEC there is no such thing as routing with additionnal virtual ip like PPTP...

    When a SA is succesfully created and you initiate a IP connection to a host inside a network the packet gets automatically translated (something like Destination NAT) and routed to the internal network.

    The packet will have a source address of public IP and destination of private IP.

    Hosts on the private network MUST have proper routing to send back public traffic to ipsec gateway.

    NOTE! : Make sure you double check your packet forwarding rules. It should go like that :

    VPNCLIENT-Any-Internal Network-Allow
    Internal Network-Any-VPNCLIENT-Allow

      [;)]  

    Here we go!
    Patrice.
  • 0 in reply to TnM
    Your information is helpful. 

    But my problem is I need to assign something like SNAT to packets from VPN clients to internal. Because we have company WAN and internal host shouldn't set ASL as their default route. Is it possible on ASL? And, if I can set SNAT as above, how to make ASL internal interface listen on packets replied to that virtual NATed address/pool?

    Thank you very much.
  • 0 in reply to JJCher
    What are your VPNClients ? Roadwarrior setup (dynamic) or known IP (static) ?
  • 0 in reply to JJCher
    Just turn on the masking from pptp to internal....

    Yes?
Unfiltered HTML