Example configuration of a connection between ASL 4.020 and SSH-Sentinel 1.4.1 using a Virtual IP
(try this first without a router to exclude a router misconfiguration - use a dial-in connection, for example)
Maybe someone is interested in....
ASL-Config:
Create a simple Roadwarrior VPN/IPSec-Connection:
For Example:
IPSec-VPN / Connections:
Type: Roadwarrior
IPSec-Policy: 3DES
Auto Packet Filter: ON
Endpoint Definition:
Local Endpoint:
Remote Endpoint: Any
Subnet Definitions:
Local Subnet: ETH0_Network_
Remote Subnet: none
Keys:
IPSec-VPN / Remote Keys:
Select your connection name and click Edit
AutoPacketFilter: ON
Virtual IP: 192.168.4.1
Do not use an IP/subnet which you already have in your LAN.
With these settings you do not need to define a packet filter rule or manually add a route to ASL.
Client-Side with SSH-Sentinel 1.4.1:
Create your Policy as for a non VirtualIP-Connection
Check Acquire Virtual IP
Specify manually 192.168.4.1 with Mask 255.255.255.0 (for example)
Check Pass NAT-Device (NAT-T)
Check Deny Split Tunneling
Check the PMTU field
Now the tunnel will be established successfully, but no IP-Communication was possible (here - with my config).
I did the following.
Check if you have to insert a route on the client to communicate with your LAN via the tunnel. (In my first try I specified a subnet which was not automatically routed, as virtual IP.)
netstat -r
Check in the Sentinel Config / PreIPSecFilter if your LAN-Network is present (maybe in a any--any Rule). ---> Remove this.
For testing: insert a rule any /low ports -- any /low ports ....
the rule ...IKE... does not work here for me.
(I'll investigate this further)
and now a ping should work
I think the main problem lies on the client side (filter rules)
Greetings
Thomas
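
Added example, not part of the original post: a Python sketch that automates two of the checks described above, namely that the Virtual IP subnet does not overlap the LAN, and that the client's `netstat -r` table routes the LAN through the tunnel. The LAN 192.168.1.0/24, the sample route table and the function names are constructed for illustration, and the code assumes the tunnel adapter is listed with the Virtual IP as its interface address.

```python
import ipaddress

# Constructed sample of the IPv4 part of `netstat -r` on a dial-in client
# (not output from the post); the LAN 192.168.1.0/24 is also an assumption.
SAMPLE_NETSTAT = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      10.64.64.64     10.64.64.10       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.4.0    255.255.255.0      192.168.4.1     192.168.4.1       1
"""

def parse_routes(text):
    """Return (network, interface_ip) for every IPv4 route line."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[1]}")
            iface = ipaddress.ip_address(fields[3])
        except ValueError:
            continue  # header or other non-route line
        routes.append((net, iface))
    return routes

def check_virtual_ip(virtual_ip, mask, lan_cidr, netstat_text):
    """Return a list of problems; an empty list means both checks passed."""
    vip = ipaddress.ip_address(virtual_ip)
    vnet = ipaddress.ip_interface(f"{virtual_ip}/{mask}").network
    lan = ipaddress.ip_network(lan_cidr)
    problems = []
    if vnet.overlaps(lan):
        problems.append(f"virtual IP subnet {vnet} overlaps LAN {lan}")
    # Longest-prefix match: the route the client actually uses for the LAN.
    covering = [(n, i) for n, i in parse_routes(netstat_text) if lan.subnet_of(n)]
    if not covering:
        problems.append(f"no route to {lan}")
    else:
        net, iface = max(covering, key=lambda r: r[0].prefixlen)
        # Assumption: the tunnel adapter is listed with the virtual IP as interface.
        if iface != vip:
            problems.append(f"{lan} is routed via {iface} ({net}), not the tunnel")
    return problems

if __name__ == "__main__":
    for p in check_virtual_ip("192.168.4.1", "255.255.255.0", "192.168.1.0/24", SAMPLE_NETSTAT):
        print("PROBLEM:", p)
```

With the constructed table, the LAN only matches the default route over the dial-in interface, which is the "tunnel up but no IP communication" situation; adding a LAN route via the Virtual IP clears the finding.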