I already read the other threads about this. None seem to have complete details on how to establish an IPSec tunnel over a NAT gateway like the Linksys BEFSR41. Can someone suggest what the missing parts to this puzzle might be?
1) Current hardware configuration:
Site 1:
ASL box (2.025) internal IP a.b.c.d on a.b.c.0/24
ASL box connected to Linksys BEFSR41 as 192.168.1.5
Linksys internal IP address 192.168.1.1
Linksys DMZ Host is 192.168.1.5
Linksys firmware level 1.42.7
Linksys external IP address j.k.l.m on Internet
Site 2:
ASL box (2.025) internal IP w.x.y.z on w.x.y.0/24
ASL box external IP address q.r.s.t on Internet
2) Want IPSec tunnel:
left network = a.b.c.0/24
right network = w.x.y.0/24
3) ASL configs
Site1 ASL config:
Packet Filter
a.b.c.0/24 any w.x.y.0/24 allow
w.x.y.0/24 any a.b.c.0/24 allow
VPN
Name site1 to site2
left subnet a.b.c.0/24
left IP a.b.c.d
Right IP q.r.s.t
right subnet w.x.y.0/24
Site2 ASL config:
Packet Filter
a.b.c.0/24 any w.x.y.0/24 allow
w.x.y.0/24 any a.b.c.0/24 allow
VPN
Name site2 to site1
left subnet w.x.y.0/24
left IP w.x.y.z
Right IP j.k.l.m
right subnet a.b.c.0/24
4) Results
After starting both IPSec configurations, both Livelogs look like this:
000 interface ipsec0/eth0 a.b.c.d
000 interface ipsec1/eth1 192.168.1.5
000
000 "site1_to_site2": a.b.c.0/24===a.b.c.d---192.168.1.1...
000 "site1_to_site2": ...q.r.s.t===w.x.y.0/24
000 "site1_to_site2": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 600s; rekey_fuzz: 100%; keyingtries: 0
000 "site1_to_site2": policy: RSASIG+ENCRYPT+TUNNEL+PFS; interface: eth0; unrouted
000 "site1_to_site2": newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
000
000 #1: "site1_to_site2" STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 38s
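As an added example (not part of the original post or of ASL), the script below parses status output in the shape of the Livelog excerpt above and flags the two NAT-related conditions it shows: Phase 1 stuck in STATE_MAIN_I1 with EVENT_RETRANSMIT (MI1 sent, no MR1 back from the peer), and a left endpoint that is not the address of the interface facing the Linksys (192.168.1.5, the DMZ host), so the tunnel is bound to the LAN side rather than the NATed side. The sample lines are constructed from the excerpt, and the "000 "-prefixed line format is assumed to be FreeS/WAN-style `ipsec auto --status` output.

```python
import re

# Constructed sample modelled on the Livelog excerpt in the post
# (FreeS/WAN-style status output, every line prefixed with "000 ").
SAMPLE = """000 interface ipsec0/eth0 a.b.c.d
000 interface ipsec1/eth1 192.168.1.5
000
000 "site1_to_site2": a.b.c.0/24===a.b.c.d---192.168.1.1...
000 "site1_to_site2": ...q.r.s.t===w.x.y.0/24
000 "site1_to_site2": policy: RSASIG+ENCRYPT+TUNNEL+PFS; interface: eth0; unrouted
000 "site1_to_site2": newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
000
000 #1: "site1_to_site2" STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 38s
"""

def parse_status(text):
    """Return (interfaces, connections, ike_states) parsed from status output."""
    ifaces, conns, states = {}, {}, {}
    for raw in text.splitlines():
        line = raw[4:] if raw.startswith("000 ") else raw
        if m := re.match(r"interface ipsec\d+/(\S+) (\S+)", line):
            ifaces[m[1]] = m[2]          # kernel interface -> its address
        elif m := re.match(r'"([^"]+)": (\S+)===(\S+)---(\S+)\.\.\.', line):
            conns.setdefault(m[1], {}).update(left_net=m[2], left_ip=m[3], nexthop=m[4])
        elif m := re.match(r'"([^"]+)": policy: (\S+); interface: (\S+);', line):
            conns.setdefault(m[1], {}).update(policy=m[2], interface=m[3])
        elif m := re.match(r'#\d+: "([^"]+)" (STATE_\w+) .*?(EVENT_\w+)', line):
            states[m[1]] = (m[2], m[3])  # newest IKE state and its pending event
    return ifaces, conns, states

def diagnose(text, nat_facing_ip):
    """List (connection, finding) pairs for NAT-related problems visible in the status."""
    ifaces, conns, states = parse_status(text)
    findings = []
    for name, conn in conns.items():
        # Phase 1 never progressed: MI1 went out, no MR1 returned, retransmit timer running.
        if states.get(name) == ("STATE_MAIN_I1", "EVENT_RETRANSMIT"):
            findings.append((name, "ike_no_reply"))
        # The left endpoint is not the address the NAT gateway forwards inbound IKE to,
        # i.e. the tunnel is bound to the LAN-side interface instead of the NATed one.
        if conn.get("left_ip") != nat_facing_ip or ifaces.get(conn.get("interface")) != nat_facing_ip:
            findings.append((name, "left_ip_not_nat_facing"))
    return findings

if __name__ == "__main__":
    for connection, finding in diagnose(SAMPLE, "192.168.1.5"):
        print(connection, finding)
```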