Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 816 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ASL 3.208 & IPSEC & Client behind masqueraded VPN

nsec
I'm trying to set up a simple VPN tunnel:

REMOTE
Client: W2k w/ Sentinel, IP 192.168.42.123
Firewall: RedHat 7.3 w/ iptables, NAT & static IP

LOCAL
Firewall/VPN GW: ASL 3.208, static outside IP
Local Net: 192.168.10.0/24

No matter how I configure the tunnels, the connection always fail with the infamous "..because no connection is known for [..]" message. And yes, I've tried both x.509 and pre-shared secrets.

However, if I replace the ASL with a linux box running Free/SWan, where I can hack the ipsec.conf file manually, it works. This would indicate that the problem is in the ASL config somewhere, perhaps the scripts that creates the ipsec.conf?

Has anyone succeeded in setting up a configuration like this, and if so, how?


This thread was automatically locked due to age.
Parents
  • 0
    Nsec:

    If your remote client is behind a NAT device  I believe IPSec will not work....you will have to use PPTP or connect the remote device directly to the ISP

    Rayzor
  • 0 in reply to Rayzor
    There are (at least) two reasons why it _should_ work:

    1. The NAT at the client side can masqureade VPN traffic.

    2. It works if I replace the ASL with a generic linux box running Free/Swan. (The ASL is a linux box running Free/Swan.)

    This makes me believe that there is something wrong/missing in the ASL scripts that generate the ipsec.conf file for Free/Swan, but I simply don't have the time to figure out exactly what it is.
  • 0 in reply to nsec
    Try to use FQDN as the ID instead of IP address which NAT will obscure.
Reply Children
No Data