Hi,
I´ve defined a virtual ip on the extern interface. I want to use it for all vpn-connections. If I edit my ipsec connection and switch the interface to the virtual adress, I get the information that no routinginformation is available. At the other firewall (with dyn ip) is a route. By using the "real" interface its all ok.
FW1 (static ip) VPN Status:
000
000 algorithm ESP encrypt: id=3, name=ESP_3DES
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH
000 algorithm ESP encrypt: id=12, name=ESP_AES
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1
000
000
FW2 (dyn ip) VPN Status:
000 interface ipsec0/ppp0 2xx.xx.xx.xx
000
000 algorithm ESP encrypt: id=3, name=ESP_3DES
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH
000 algorithm ESP encrypt: id=12, name=ESP_AES
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1
000
000 "rsa_1": 192.168.xxx.0/24===2xx.xx.xx.xx[@some.dnsalias.com]---2xx.x.xx.xx...6x.xx.xx.xx===192.168.xxx.0/24
000 "rsa_1": ike_life: 7800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "rsa_1": policy: RSASIG+ENCRYPT+TUNNEL+DISABLEARRIVALCHECK; interface: ppp0; trap erouted
000 "rsa_1": newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
000 "rsa_1": ESP algorithms wanted: 12/128-1/000, 12/128-2/000,
000 "rsa_1": ESP algorithms loaded: 12/128-1/128, 12/128-2/160,
000
000 #1: "rsa_1" STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 12s
What is the Problem of FW1? There is nothing in the logfiles.
Thanks for help!
This thread was automatically locked due to age.
