This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPSEC ASG220 -> Symantec 320

Astaro ASG220 ver. 8.302
Symantec 320 2.1.0(1336)

Hello,

I'm trying to create a Site to Site IPSEC VPN between these two pieces of hardware but can't quite get it to work.
I can get the tunnel to come up, both devices will show "connected" but I can only get traffic to flow from the Astaro to the Symantec. I can ping any device on the Symantec device's LAN from the Astaro LAN but not the reverse. I can't see anything in the logs of either device showing the traffic as "blocked" so I'm at a loss as to where to even look next.

My setup (on the Astaro) looks like this:
Policy
(3DES, SHA1, Group1)

Remote Gateway
(Preshared key, VPN ID Type = IP Address, Remote Network = 10.1.15.0/24)

Connection
(Local Interface = External(WAN), Policy= Symantec 320, Local Networks= 10.1.1.0/24, Auto Firewall Rules = Checked, Strict Routing = Un-Checked

Any hints or suggestions on where to look next would be greatly appreciated.
Thank you

This thread was automatically locked due to age.

Parents

0 d12fk over 13 years ago

True, but it still could happen under special circumstances. However, the log you posted says:

2012:05:03-15:47:45 gate1 pluto[7166]: "S_Brantford" #273: sent QI2, IPsec SA established {ESP=>0xca7b3613 ASG case, what are you doing to test? Ping from 10.1.15.0/24 to 10.1.1.0/24? Do you see incoming and outgoing ESP packets on the ASG?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 d12fk over 13 years ago

True, but it still could happen under special circumstances. However, the log you posted says:

2012:05:03-15:47:45 gate1 pluto[7166]: "S_Brantford" #273: sent QI2, IPsec SA established {ESP=>0xca7b3613 ASG case, what are you doing to test? Ping from 10.1.15.0/24 to 10.1.1.0/24? Do you see incoming and outgoing ESP packets on the ASG?
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data