I upgraded my Home ASG7.502 to V8 two days ago. I had one Site-to-Site IPSec tunnel configured between my old V7.502 and another V7.502 at work. After the upgrade this all worked fine; i.e. the IPSec tunnel between the V7.502 at work and the V8 at home worked perfectly fine.
Today I upgraded the V7.502 at work to V8 also and decided to reconfigure the FW from scratch since there were a lot of obsolete objects created in the previous config that needed to be cleaned out anyway. Setting up the Site-to-site IPSec tunnel to my Home V8 worked fine and the connection was established without problems.
The problem I have is that even though the connection is established I cannot access my office LAN from home or vice versa - no pings work, no RDP or SSH to any servers, no http, no ftp, no nothing . Here are the config details:
Policy:
IKE Encryption algorithm: AES 128
IKE authentication algorithm: SHA1
IKE SA lifetime: 28800
IKE DH Group: Group 2: MODP 1024
IPSec encryption algorithm: AES 128
IPSec authentication algorithm: SHA1
IPSec SA lifetime: 3600
IPSec PFS Group: Group 2: MODP 1024
Connection:
Auto packet filter: ON
Advanced:
Use Dead peer detection: ON
Use NAT traversal: OFF
I verified that the policies are identical on both sides and also that the protected subnets on each side was defined properly (no typos there!).
Network Security -> Packet Filter -> ICMP:
Allow ICMP on firewall: ON
Allow ICMP through firewall: ON
Firewall is Ping visible: OFF
Ping from firewall: ON
Firewall forwards Pings: ON
Firewall is Traceroute visible: OFF
Firewall forwards traceroute: ON
I included a route dump from the fw shell as well as the results of a ping from the shell (which gets an ICMP Destination host unreachable response). I can ping the WAN side IP addresses of both firewalls.
Does anybody have any ideas? [:S]
Any help would be greatly appreciated!
This thread was automatically locked due to age.
