
Using VPN from inside networks?

The VPN works great when coming from the external firewall interface, but I cannot get it to work from an internal one (specifically my wireless VLAN). Is there something special that needs to be done for that to work?

I basically want the wireless LAN to have no internal access, except via the VPN. That way we can offer a "public" network while still having a nicely secure way to use our internal services when on a wireless connection.

Here is what I see when I try to connect from my wireless network:

2011:04:06-17:46:29 firebiz pluto[6672]: packet from 172.20.9.16:500: received Vendor ID payload [RFC 3947]
2011:04:06-17:46:29 firebiz pluto[6672]: packet from 172.20.9.16:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
2011:04:06-17:46:29 firebiz pluto[6672]: packet from 172.20.9.16:500: ignoring Vendor ID payload [8f8d83826d246b6fc7a8a6a428c11de8]
2011:04:06-17:46:29 firebiz pluto[6672]: packet from 172.20.9.16:500: ignoring Vendor ID payload [439b59f8ba676c4c7737ae22eab8f582]
2011:04:06-17:46:29 firebiz pluto[6672]: packet from 172.20.9.16:500: ignoring Vendor ID payload [4d1e0e136deafa34c4f3ea9f02ec7285]
2011:04:06-17:46:29 firebiz pluto[6672]: packet from 172.20.9.16:500: ignoring Vendor ID payload [80d0bb3def54565ee84645d4c85ce3ee]
2011:04:06-17:46:29 firebiz pluto[6672]: packet from 172.20.9.16:500: ignoring Vendor ID payload [9909b64eed937c6573de52ace952fa6b]
2011:04:06-17:46:29 firebiz pluto[6672]: packet from 172.20.9.16:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
2011:04:06-17:46:29 firebiz pluto[6672]: packet from 172.20.9.16:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2011:04:06-17:46:29 firebiz pluto[6672]: packet from 172.20.9.16:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2011:04:06-17:46:29 firebiz pluto[6672]: packet from 172.20.9.16:500: received Vendor ID payload [Dead Peer Detection]
2011:04:06-17:46:29 firebiz pluto[6672]: "S_REF_FirbWbDpmI_1"[4] 172.20.9.16 #105: responding to Main Mode from unknown peer 172.20.9.16
2011:04:06-17:46:29 firebiz pluto[6672]: "S_REF_FirbWbDpmI_1"[4] 172.20.9.16 #105: NAT-Traversal: Result using RFC 3947: no NAT detected
2011:04:06-17:46:29 firebiz pluto[6672]: "S_REF_FirbWbDpmI_1"[4] 172.20.9.16 #105: Peer ID is ID_IPV4_ADDR: '172.20.9.16'
2011:04:06-17:46:29 firebiz pluto[6672]: "S_REF_FirbWbDpmI_1"[4] 172.20.9.16 #105: sent MR3, ISAKMP SA established
2011:04:06-17:46:29 firebiz pluto[6672]: "S_REF_FirbWbDpmI_1"[4] 172.20.9.16 #105: ignoring informational payload, type IPSEC_INITIAL_CONTACT
2011:04:06-17:46:30 firebiz pluto[6672]: "S_REF_FirbWbDpmI_0"[4] 172.20.9.16 #106: responding to Quick Mode
2011:04:06-17:46:31 firebiz pluto[6672]: "S_REF_FirbWbDpmI_0"[4] 172.20.9.16 #106: Dead Peer Detection (RFC 3706) enabled
2011:04:06-17:46:31 firebiz pluto[6672]: "S_REF_FirbWbDpmI_0"[4] 172.20.9.16 #106: IPsec SA established {ESP=>0x0bd1055b 


I'm using the L2TP IPSEC VPN solution connecting with an OS X 10.5 client. I have confirmed I can connect without issue when coming from the external interface, but not when using the wireless network.

Thoughts?
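An added example, not part of the original post: a small triage script that reads pluto log lines of the shape quoted above, records the furthest IKEv1 milestone each peer reached (Main Mode, ISAKMP SA, Quick Mode, IPsec SA) and the NAT-T result, and maps that to the layer where troubleshooting should start. The sample lines are a constructed subset of the post's own log, the milestone strings and the diagnosis text are my assumptions, and the point it makes for this log is that IKE and ESP complete from the wireless VLAN, so the remaining failure sits above IPsec (the L2TP/PPP leg or the rules on that interface).

```python
import re
# Constructed sample: a few of the pluto log lines quoted in the post above.
SAMPLE_LOG = """\
2011:04:06-17:46:29 firebiz pluto[6672]: packet from 172.20.9.16:500: received Vendor ID payload [RFC 3947]
2011:04:06-17:46:29 firebiz pluto[6672]: "S_REF_FirbWbDpmI_1"[4] 172.20.9.16 #105: responding to Main Mode from unknown peer 172.20.9.16
2011:04:06-17:46:29 firebiz pluto[6672]: "S_REF_FirbWbDpmI_1"[4] 172.20.9.16 #105: NAT-Traversal: Result using RFC 3947: no NAT detected
2011:04:06-17:46:29 firebiz pluto[6672]: "S_REF_FirbWbDpmI_1"[4] 172.20.9.16 #105: sent MR3, ISAKMP SA established
2011:04:06-17:46:30 firebiz pluto[6672]: "S_REF_FirbWbDpmI_0"[4] 172.20.9.16 #106: responding to Quick Mode
2011:04:06-17:46:31 firebiz pluto[6672]: "S_REF_FirbWbDpmI_0"[4] 172.20.9.16 #106: IPsec SA established {ESP=>0x0bd1055b
"""

# Milestones of an IKEv1 Main Mode + Quick Mode exchange, in the order pluto logs them (assumed markers).
MILESTONES = [
    ("main_mode", "responding to Main Mode"),
    ("isakmp_sa", "ISAKMP SA established"),
    ("quick_mode", "responding to Quick Mode"),
    ("ipsec_sa", "IPsec SA established"),
]
STAGE_ORDER = ["none"] + [stage for stage, _ in MILESTONES]

# Two line shapes: "packet from IP:port: msg" (before a connection is matched) and '"conn"[n] IP #state: msg'.
LINE_RE = re.compile(
    r'pluto\[\d+\]: (?:packet from (?P<p1>[\d.]+):\d+'
    r'|"(?P<conn>[^"]+)"\[\d+\] (?P<p2>[\d.]+) #\d+): (?P<msg>.*)$'
)

def peer_progress(log_text):
    """Return {peer_ip: {"stage": furthest milestone, "nat": NAT-T result or None}}."""
    progress = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a pluto line we understand; skip rather than guess
        peer = m.group("p1") or m.group("p2")
        entry = progress.setdefault(peer, {"stage": "none", "nat": None})
        nat = re.search(r"NAT-Traversal: Result using [^:]+: (.+)", m.group("msg"))
        if nat:
            entry["nat"] = nat.group(1).strip()
        for stage, marker in MILESTONES:  # only ever move forward, never regress on a retransmit
            if marker in m.group("msg") and STAGE_ORDER.index(stage) > STAGE_ORDER.index(entry["stage"]):
                entry["stage"] = stage
    return progress

def diagnose(entry):
    """Point troubleshooting at the layer just above the furthest milestone seen."""
    if entry["stage"] in ("none", "main_mode"):
        return "IKE phase 1 incomplete: check UDP 500/4500 reachability, IKE proposals and the PSK"
    if entry["stage"] in ("isakmp_sa", "quick_mode"):
        return "phase 1 up but no IPsec SA: check the phase 2 (ESP) proposals and traffic selectors"
    return "IPsec SA established: IKE/ESP work from this interface; look at the L2TP/PPP leg and interface firewall rules"
```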
