Here's a fun VPN problem. I'll start with the setup.
Point A running ASL 3.218.
Internal lan nic 192.168.11.1
External lan 10.10.10.102 default gw 10.10.0.1 (This goes through a wireless link.)
Point B running ASL 3.218.
Wlan nic is 10.10.10.1
Safe Net nic 10.0.11.100 default gw 10.0.1.6
This is the firewall for the wireless lan.
Point C running ASL 4.007
Safe Net nic 10.0.11.8
DMZ nic 10.1.11.8 with an alias of 172.16.10.8
IPSec is setup as follows:
Point A:
Remote end point is 10.0.11.8
Local end point is 10.10.10.102
Remote subnet is 172.16.10.0
local subnet is 192.168.11.0
Point C:
Remote end point is 10.10.10.102
Local end point is 10.0.11.8
Remote subnet is 192.168.11.0
Local subnet is 172.16.10.0
Point A can ping point C
Point C can ping point A
Point B allows the traffic.
The VPN was starting up fine and working. Problem is it was shutting down at random times. I was able to restart it without any problems. Today the VPN would not restart. When it did finally start, the tunnel and route was up, but the packets wrapped in the ESP were trying to be delivered via the default route.
All point B does is snat traffic by service. This is how allowed traffic is routed. Filter rules allowed any traffic both ways between 10.10.10.102 and 10.0.11.8.
I know this is still a very vague description, but any ideas why this won't work? Has anyone else tried a simular setup? Or how would you set this up. Maybe that will help.
This VPN setup is for MS Exchange. The Exchange server is 172.16.10.32
This thread was automatically locked due to age.