This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

tunnel is up, but network is not reachable

Hi!

I´m a newby in vpn.
I have a problem with a vpn-tunnel (x.509).

10.0.0.0/8 == FW1 === internet === FW2 == 192.168.2.0/24

FW1 has a static IP, FW2 a dynamic.

Now my problem.

The vpn-tunnel is up, it seems, but i cannot reach the other neetwork.
I created rules like source:network1 service:any destination:network2 allow,
but if i make a traceroute from the network1 to 192.168.2.75, then it reaches the internal interface of the firewall, and then comes timeouts. The FW has a route to the remote network.

"192.168.2.0/24 dev ipsec0 table 42 scope link"

The routes and rules exists on both firewalls.

Any hints?

This thread was automatically locked due to age.

Parents

0 Andy_01 over 21 years ago

If you go to WebAdmin: Packetfilter -> ICMP, is ICMP forewarding turned on?
Cancel
Vote Up 0 Vote Down

Cancel
0 Steffen_Schulz over 21 years ago in reply to Andy_01

No. I have it enabled now, but i can´t test it because i have no access to one of the FW´s now. I don´t think, that it helps, then i have created rules with the same function, i think. I´ll try and tell you the result!
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Steffen_Schulz over 21 years ago in reply to Andy_01

No. I have it enabled now, but i can´t test it because i have no access to one of the FW´s now. I don´t think, that it helps, then i have created rules with the same function, i think. I´ll try and tell you the result!
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 VelvetFog over 21 years ago in reply to Steffen_Schulz

Is Proxy ARP turned on on your Internal_Interface?
Cancel
Vote Up 0 Vote Down

Cancel