Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 14 replies
  • Subscribers 1 subscriber
  • Views 52294 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPSEC VPN ID Question

snooty
Hello,

I am stuck on a issue which is probably very simple but cannot work it out [:S]  Any help would be appreciated.

I am trying to set up a IPSEC Site2Site Tunnel allong the following setup:

(LocalNet:192.168.210.0/24)--(LocalAstaro WAN:192.168.0.105)--(LocalRouterWAN:81.222.205.125)
===Internet===
(HeadOfficeWAN:85.196.155.70)--(HeadOfficeNet:192.168.150.0/25)

So the local astaro is stuck behind a router which gives it the IP:192.168.0.105

Now I know that the solution to this is to enable NAT (Done)
and set the VPN ID at the local side to 81.222.205.125 and it should work.
As the Headoffice VPN is set to communicate to 81.222.205.125

The question is how to set the local VPN ID to 81.222.205.125???

I had thought this would be set in Remote Gateway -- VPN ID Type: IP Address -- VPN ID 81.222.205.125
but this seems to have no effect?

The tunnel that is displayed is:
SA: 192.168.210.0/24=192.168.0.105   85.196.155.70=192.168.150.0/24
VPN ID: 192.168.0.105
Error: No connection

Clearly the tunnel will not work until I am able to set the VPN ID: 81.222.205.125
but how????????? [:O]

Thanks


This thread was automatically locked due to age.
Parents
  • 0
    Hi, snooty, and welcome to the User BB!

    I'm not following your question, nor the comment of d12fk.  I don't think the problem is the name your Astaro uses to identify the connection, but we should look at the IPsec log to confirm that.  My guess would have been that NAT-T is not enabled on both sides; again, the log would help.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    Hi, snooty, and welcome to the User BB!

    I'm not following your question, nor the comment of d12fk.  I don't think the problem is the name your Astaro uses to identify the connection, but we should look at the IPsec log to confirm that.  My guess would have been that NAT-T is not enabled on both sides; again, the log would help.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson
    I'll try to elaborate then.

    When using PSK the ASG automatically uses the IP address of the interface the connection is configured for as VPN ID. Snooty has a router in front of the ASG on one side, which does DNAT for UDP/500 and UDP/4500, forwarding incoming IKE traffic towards the ASG. So, the ASG appears to it's remote peer being reachable at the forwarding routers public IP address 81.222.205.125. The VPN ID it uses is the internal IP address 192.168.0.105, though.

    The question was where to configure the VPN ID to be 81.222.205.125.
    The answer was: you can't. That made snooty a sad panda... and me sorry. =)
Cookie Information Banner