Hi,
I've spent the last week on IPsec between a client with SSH Sentinel 1.3.2.2 and an Astaro fw.
My parameters are:
ASL 3.212 public ip = 212.199.141.162/255.255.255.248
ASL LAN ip = 192.168.100.0/24
ASL default gw (ISP router) 212.199.141.161
My Client public IP: 62.98.127.213 (NO NAT)
I'm connecting with the client modem to an ISP, and when I click on diagnostic, I cannot get past phase 1 and I get this in the ASL log:
"#6: cannot respond to IPsec SA request because no connection is known for 192.168.100.0/24===212.199.141.162...62.98.127.213[riccardo@rimini.com]"
My connection status is:
VPN Status
000 interface ipsec0/eth1 212.199.141.162
000
000 algorithm ESP encrypt: id=3, name=ESP_3DES
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH
000 algorithm ESP encrypt: id=12, name=ESP_AES
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1
000
000 "My__VPN_1": 192.168.100.0/24===212.199.141.162---212.199.141.161...%any[riccardo@rimini.com]
000 "My__VPN_1": ike_life: 7800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "My__VPN_1": policy: RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+DISABLEARRIVALCHECK; interface: eth1; unrouted
000 "My__VPN_1": newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
000 "My__VPN_1": ESP algorithms wanted: 3/000-1/000, 3/000-2/000,
000 "My__VPN_1": ESP algorithms loaded: 3/168-1/128, 3/168-2/160,
000
Why is the router IP address 212.199.141.161 in the My__VPN_1 definition?
Is this correct?
I followed the "X509_Host_to_Net_Dynamic.pdf" row by row... but nothing.
Where is the mistake?
Bye
Riccardo