Ok, i know a guy JUST posted a similar issue yesterday, but his problem was a dsl modem and if i would have posted my issue in his post it probably wouldn't have been answered.
I setup ASL 7.001 and have never been able to get IPSEC with PSK running properly. I have a couple of remote locations with Linksys RV082's as well as another Astaro 7.001 Box.
The main location has AT&T 3000/512 ADSL Static 5 IP's (NOT PPPoE) i've added the 4 additional ip's as secondary ip's btw. The other locations are using Cox Cable (DHCP w/ Dynamic DNS).
BTW i'm not a n00b with ipsec as i've successfully set these tunnels at this same location connecting to the same endpoints using Adtran Netvanta's (1224R, 3200 and 3305), IPCop, Endian Firewall and pfSense.
the tunnels get established, however i can only ping from pc's on the linksys rv082 side to machines on the ASL side. i can't ping from behind any Astaro box.
i have auto packet filter on. i have also tried disabling it and have created a rule at the top of the packet filters to allow all traffic from the internal network to the remote gateway(s).
i've tried it with and without strict routing.
i've dropped the mtu down to 1400, 1300 and 1200 with no improvement.
i've tried several working dsl modems (i have 6 of them, 5 different types of speedstreams and an alcatel). Never had any other trafffic issues to my knowledge but i figured i'd try to make sure
I've disabled IPS
it seems to me to be more of a routing problem than anything else. i don't think the ASL is sending traffic to those subnets through the ipsec tunnels to the remote gateways. pretty much some of the tcp traffic i generate from the remote side works like http/s, vnc but not rdp and i can't browse network shares.
When i made the Astaro traceroute visible and run a traceroute, i can clearly see that packets route out to the DEFAULT gateway, one more hop to the local sbc/AT&T router, then nothing because its going to a non routable 192.168.X.X address.
In a normal, working ipsec tunnel if your firewalls are traceroute visible, you will not see any hops in between the two subnets, only the firewall LAN addresses in each subnet and the destination ip
how do i fix this? what am i doing wrong? is there anything i need to do to tell it to use the tunnel? i set the local interface on the ipsec connection as the adsl interface (otherwise the tunnel won't establish)
Can someone please help me with these issues? i have yet to successfully get ipsec up and running on these boxes.
This thread was automatically locked due to age.
