Hi !
after setting up and establishing a new ipsec site2site connection
from a LANCOM 1821 to our ASL v5.2 appliance, no IP traffic went
through the tunnel. As I noticed, that the ASL was filtering out every
AH packet sent out either by the LANCOM and the ASL, I had to
set up a rule to bypass any traffic from the external public IP-address
of the LANCOM to the external IP-address of our ASL an d vice versa
to get IP connections working between the 2 LANs. IMO this can't
be working as designed because the remote end (in this example
the LANCOM router) usually has no fixed IP address and therefore
the definition of the remote network must be changed every now
and then. I always thougt, that the ruleset, that allows AH and ESP
traffic for a specific IPsec connection
(especially if the remote end uses dynamic IP addresses) is set up
automatically by the ASL as soon as the remote end establishes the
IPsec SA. So my question is: What can I do to get this connection
working smoothly ?
bye,
murph
--
Version of ASL: Professional Version Release 5.206 (Hardware Appliance)
Settings of IPsec connection:
Type: Standard
Policy: AES_PFS
Auto Packet Filter: On
Strict Routing: On
Local Endpoint: External (External public IP address of ASL)
Remote Endpoint: Dynamic IP Address
Local Subnet: Internal Network
Remote Subnet: Definition of remote Subnet (behind the LANCOM)
Key: preshared key definition
This thread was automatically locked due to age.