setup:
i have a sonicwall tele (a couple of years old) running firmware 5.1.7.0. it is connected to a dsl line and has a static ip - sonicwallip.
i have installed astaro version 4.004 on a box connected to a dsl line with a static ip address - astaroip.
i have configured a vpn sa on the sonicwall as follows:
ike using pre-shared secret
strong encrypt and authenticate - esp 3des hmac md5
shared secret: xxxxxx
destination network: 192.168.218.0/24
i have configured a vpn sa on the astaro box as follows:
type: standard
ipsec policy: 3des
endpoint definition: local astaroip remote sonicwallip
subnet definition: local internal_network remote home LAN
authentication key: psk - sonicwall home key
the sonicwall log indicates the following:
05/03/2003 15:32:12.288 Starting IKE negotiation 05/03/2003 15:32:40.672 IKE negotiation complete. Adding IPSec SA remote range: (192.168.218.1 - 192.168.218.254)
in the astaro vpn status section i see:
000 "SonicWALL_Home_VPN_1": 192.168.218.0/24===astaroip...sonicwallip===192.168.217.0/24
000 "SonicWALL_Home_VPN_1": ike_life: 7800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "SonicWALL_Home_VPN_1": policy: PSK+ENCRYPT+TUNNEL; interface: eth1; unrouted
000 "SonicWALL_Home_VPN_1": newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
000 "SonicWALL_Home_VPN_1": IKE algorithms wanted: 5_000-1-5, flags=-strict
000 "SonicWALL_Home_VPN_1": IKE algorithms found: 5_192-1_128-5,
000 "SonicWALL_Home_VPN_1": ESP algorithms wanted: 3_000-1, flags=-strict
000 "SonicWALL_Home_VPN_1": ESP algorithms loaded: 3_168-1_128,
000
000 #1: "SonicWALL_Home_VPN_1" STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 11s
from the logs it looks like the two are talking. however, any attempts to ping a host on the remote lan results in time-outs.
i'm not quite sure how to proceed from here. the setup seems pretty straight forward and i'm surprised it doesn't work.
any suggestions would be greatly appreciated.
This thread was automatically locked due to age.
