Re: IPSec Questions.

On Sunday, Nov 24, 2002, at 14:37 US/Pacific, Craig Hammond wrote:

Also it seems that the PC running isakmpd can't talk to the private
IPs on the other side of the tunnel. Is this correct, or have I done
something wrong?

Also quite normal, as it sounds like your tunnel does not include the
endpoints. Look at the generated SAs (netstat -rn -f encap), the peer
addresses are not part of them.

If you want them included, create tunnels for them as well. In a
"typical" setup, this means a total of four tunnels(/Connections).

Thanks for that info, but how do I create those extra two tunnels???

Considering my newbieness, take this with a grain of salt. But I believe under Phase 2 on both hosts add 3 more Connections=, and under the tags for Remote-ID and Local-ID change ID_type= from IPV4_ADDR_SUBNET to IPV4_ADDR, and change Network= to Address= where appropriate.

At a high level you have a tunnel from network to network, but now you need to add network1 to host2, network2 to host1, and I think host1 to host2.

Hopefully Hakan will check in if I'm way off on this.
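As an added example that is not part of the thread (and not anyone's actual configuration), here is what the Phase 2 part of isakmpd.conf on gateway A could look like once the single net-to-net tunnel is extended to the four connections described above. All addresses, section names and the pre-shared key placeholder are made up: gateway A is assumed to be 192.0.2.1 in front of 10.1.0.0/24, gateway B 198.51.100.1 in front of 10.2.0.0/24. Note that isakmpd.conf(5) spells the key ID-type; subnet IDs use Network/Netmask, host IDs use Address.

```ini
# Added example, not from the thread. Gateway A side only; gateway B
# carries the mirror image with Local-ID and Remote-ID swapped.
# All addresses are assumed (RFC 5737 documentation ranges).

[Phase 1]
198.51.100.1=           peer-gwB

[Phase 2]
# One entry per tunnel; the original setup had only netA-netB.
Connections=            netA-netB,gwA-netB,netA-gwB,gwA-gwB

[peer-gwB]
Phase=                  1
Transport=              udp
Local-address=          192.0.2.1
Address=                198.51.100.1
Configuration=          Default-main-mode
# Placeholder secret; replace with a real pre-shared key.
Authentication=         ExamplePreSharedKey

# Network A <-> Network B (the tunnel that already existed)
[netA-netB]
Phase=                  2
ISAKMP-peer=            peer-gwB
Configuration=          Default-quick-mode
Local-ID=               Net-A
Remote-ID=              Net-B

# Gateway A itself -> Network B
[gwA-netB]
Phase=                  2
ISAKMP-peer=            peer-gwB
Configuration=          Default-quick-mode
Local-ID=               Host-gwA
Remote-ID=              Net-B

# Network A -> Gateway B itself
[netA-gwB]
Phase=                  2
ISAKMP-peer=            peer-gwB
Configuration=          Default-quick-mode
Local-ID=               Net-A
Remote-ID=              Host-gwB

# Gateway A <-> Gateway B
[gwA-gwB]
Phase=                  2
ISAKMP-peer=            peer-gwB
Configuration=          Default-quick-mode
Local-ID=               Host-gwA
Remote-ID=              Host-gwB

# ID sections: subnets use IPV4_ADDR_SUBNET with Network/Netmask,
# single hosts use IPV4_ADDR with Address.
[Net-A]
ID-type=                IPV4_ADDR_SUBNET
Network=                10.1.0.0
Netmask=                255.255.255.0

[Net-B]
ID-type=                IPV4_ADDR_SUBNET
Network=                10.2.0.0
Netmask=                255.255.255.0

[Host-gwA]
ID-type=                IPV4_ADDR
Address=                192.0.2.1

[Host-gwB]
ID-type=                IPV4_ADDR
Address=                198.51.100.1

[Default-main-mode]
DOI=                    IPSEC
EXCHANGE_TYPE=          ID_PROT
Transforms=             3DES-SHA

[Default-quick-mode]
DOI=                    IPSEC
EXCHANGE_TYPE=          QUICK_MODE
Suites=                 QM-ESP-3DES-SHA-SUITE
```

Two practical points. First, the ID sections must agree on both gateways (with Local and Remote swapped); a mismatch in a single Network, Netmask or Address makes that connection's Quick Mode negotiation fail while the others still come up. Second, the Host-gwA ID has to be the address the gateway actually puts in the source field of its own packets; if the gateway sources traffic to the far network from an internal interface address rather than the tunnel endpoint, that internal address is the one to use in the IPV4_ADDR section. After restarting isakmpd on both sides, netstat -rn -f encap should now list flows whose source or destination is the gateway address itself, which is the check the earlier reply suggested.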