This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPSec policies big question!

Hi to all,
i was trying to connect two ASL (v4 and v5), one with regular static public IP for the external eth and the other connected to a 4Mbit internet connection with a private ip (10.x.x.x), for the external eth, natted to a dynamic public ip.

Using standard type ipsec conn and an RSA ipv4 address key for the first asl and a RSA e-mail address key for the second one it's all ok only if I use the AES policy... trying to use AES_PFS or AES_PFS_COMP, the VPN goes down....WHY!?!!?!?

This thread was automatically locked due to age.

Parents

0 bagira over 20 years ago

What about the logs?
Did you enable NAT-T on both sited and disbled IPSec-Passthrough on the natting device. You also have to forward udp port 500 and 4500 on that device.
/bagira
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 bagira over 20 years ago

What about the logs?
Did you enable NAT-T on both sited and disbled IPSec-Passthrough on the natting device. You also have to forward udp port 500 and 4500 on that device.
/bagira
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 mario over 20 years ago in reply to bagira

yes, NAT Traversal is enabled on both firewalls but the natting device is not mine but of the ISP....
for the port forwarding they assured me about the device: it fowards all the ports....
Cancel
Vote Up 0 Vote Down

Cancel
0 Puilla over 20 years ago in reply to mario

I have the same, one nated astaro and the other one with public ip. I have a lot of problems to stablish the tunnel. Finaly, when the tunnel is up, in one hour the tunnel fall and don't get up alone. I always must to stop the VPN in both sides and restart. Why?

I use astaro 4 and 5 to.
Cancel
Vote Up 0 Vote Down

Cancel