I followed the Dynamic X.509 Host>Net procedure and I have had great success getting SSH Sentinel 1.3.2.2 on a Win2K box to exchange certs and establish a tunnel with our ASL.
The problem is I can't pass any traffic over the tunnel and I am not sure why. I am sure a step is missed or not done correctly but I can't see it. Hopefully someone here will.
The ASL ports look like this:
ext.net.eth1.2 (external IP/interface)
ext.net.eth1.1 (ISP router IP)
int.net.eth0.1 (internal IP/interface)
10.0.69.0/24 (rem_net remote user network)
I am not running NAT on ASL or remote box. The remote box is a dynamic IP via modem/ISP. The internal network is a static, registered class C. ASL is not doing DHCP service.
When the remote box establishes the tunnel there are no errors. I can look at IPSEC Connections on ASL and see the connection and the routing. However I am never able to pass any packets through the tunnel.
Shouldn't the remote box get an IP that is a part of the 10.0.69.0/24 network?
Is the remote box's IP (from ISP) the only IP in play and the VPN tunnel just routes that IP in/out of the internal network?
I am lost. I have the tunnel but I am unsure of the relationship between the remote box and the internal networks.
Thanks,
Jeff