This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Big Problem with IPSEC

Okay, I followed the Astaro setup exactly on the kb for setting up a IPSEC vpn. The tunnel completes just fine, and after adding my virtual ip to the webadmin access I am able to connect to astaro, but no matter what I do I can not connect to any hosts inside my network. I can't ping them, I can't connect via RDC, nadda. I've allready added a rule to allow "virtual ip"->any->any and internal->any->"virtual ip" but no luck. I've tried with autopacket filter on /w no rules, auto packet filer off w/ rules, off w/o rules, and on w/o rules. What's the deal?

This thread was automatically locked due to age.

Parents

0 Xeno over 20 years ago

Make sure you set a valid Subnet in Webadmin -> IPsec VPN -> Connections -> IPSec Connections -> Subnet definition (optional) -> Local Subnet. Otherwise you can not connect to other machines beside the firewall itself. In this field you have to set the network you like to have access to.

Another problem could be a router in between the firewall and the host you would like to reach. Is there a router in between? If there is a router in between you might have to set some routes to make sure the host you like to reach is able to send back packets. Keep in mind that this host uses the virtual IP you set. Make sure this IP is routed back to the firewall. Maybe a router in between routes that IP to another gateway.

Xeno
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Xeno over 20 years ago

Make sure you set a valid Subnet in Webadmin -> IPsec VPN -> Connections -> IPSec Connections -> Subnet definition (optional) -> Local Subnet. Otherwise you can not connect to other machines beside the firewall itself. In this field you have to set the network you like to have access to.

Another problem could be a router in between the firewall and the host you would like to reach. Is there a router in between? If there is a router in between you might have to set some routes to make sure the host you like to reach is able to send back packets. Keep in mind that this host uses the virtual IP you set. Make sure this IP is routed back to the firewall. Maybe a router in between routes that IP to another gateway.

Xeno
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 RobFoster_01 over 20 years ago in reply to Xeno

Thanks for the reply. For the local subnet I've got my internal network specified and my local end point is my external interface. Between the host and the FW I've only got a switch. My internal network is 192.168.0.0 and the virtual IP I am using is 192.168.100.1. I don't know if it matters or not but masq. is turned on for the internal network on the external interface. I'm totally stumped.
Cancel
Vote Up 0 Vote Down

Cancel
0 Xeno over 20 years ago in reply to RobFoster_01

Hmm, ok the configuration looks good. Please make sure your hosts in the internal subnet have set the internal IP of the Astaro as default Gateway.

Xeno
Cancel
Vote Up 0 Vote Down

Cancel
0 RobFoster_01 over 20 years ago in reply to Xeno

Okay, okay, I'm an imbecile. [:$]
Cancel
Vote Up 0 Vote Down

Cancel