From: José A. d. S. N. <jos...@sa...> - 2009-05-06 20:10:21
Hello guys, I have the following scenario:

  server-client(200.x.x.1)--vpn-gw-cli[200.x.x.x]--(internet)--my-racoon-gw[200.a.b.c]----fw-lan[192.168.30.90]---host-to-connect-in-server-client[192.168.2.2]

For this case I used this in ipsec-on (for the phase 1):

  spdadd 200.x.x.1 192.168.2.2/32 any -P in ipsec esp/tunnel/200.x.x.x-200.a.b.c/require;
  spdadd 192.168.2.2/32 200.x.x.1 any -P out ipsec esp/tunnel/200.a.b.c-200.x.x.x/require;

As phase 1 and 2 were correctly configured, the tunnel was established. My client's server can connect to my internal server (192.168.2.2), but I can't do the reverse.

Using the command setkey -DP I can see this:

  192.168.2.2[any] 200.x.x.1[any] any
          out prio def ipsec
          esp/tunnel/200.a.b.c-200.x.x.x/require
          created: Apr 30 08:12:20 2009  lastused:
          lifetime: 0(s) validtime: 0(s)
          spid=169 seq=5 pid=6488
          refcnt=1

and

  200.x.x.1[any] 192.168.2.2[any] any
          in prio def ipsec
          esp/tunnel/200.x.x.x-200.a.b.c/require
          created: Apr 30 08:12:20 2009  lastused:
          lifetime: 0(s) validtime: 0(s)
          spid=152 seq=8 pid=6488
          refcnt=1

PS: 200.x.x.1, 200.a.b.c and 200.x.x.1 have valid IP addresses.

When I try to connect from the host 192.168.2.2 to the host 200.x.x.1, my racoon server tries to reach it through the Internet and not through the tunnel.

Does someone know how I can solve this?

José Augusto dos Santos Neto
Senior Technical Support Analyst - IT Network Administrator
SAGEM ORGA DO BRASIL S/A
Av. Independência, 3451
Independência - Taubaté/SP - CEP 12032-000
Fone: +55 12 2125-6506
Fax: +55 12 2125-6535
Mobile: +55 12 8145-6505
e-mail: jos...@sa...
Website: http://www.sagem-orga.com.br
Sagem Orga is a member of the SAFRAN Group
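As an added example (not part of the original post or of ipsec-tools), the following Python script parses `setkey -DP` output in the layout shown above, checks that every `out` policy has a mirrored `in` policy with swapped selectors and swapped tunnel endpoints, and reports which policy, if any, a given source/destination pair would match. The sample SPD text is constructed from the post's two entries; because the post masks its public addresses (200.x.x.1, 200.x.x.x, 200.a.b.c), they are replaced with RFC 5737 documentation addresses so they parse. The final lookup with the gateway's own public address as source is only an illustration of one way an outbound packet can miss an SPD entry (a source rewrite before the policy lookup); it is an assumption for the example, not a diagnosis of the poster's setup.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in `setkey -DP` layout, modelled on the two policies in the post.
# Masked addresses are substituted with documentation ranges (an assumption):
#   200.x.x.1 -> 203.0.113.1   200.x.x.x -> 203.0.113.10   200.a.b.c -> 198.51.100.5
SAMPLE_SPD = """\
192.168.2.2[any] 203.0.113.1[any] any
\tout prio def ipsec
\tesp/tunnel/198.51.100.5-203.0.113.10/require
\tcreated: Apr 30 08:12:20 2009  lastused:
\tlifetime: 0(s) validtime: 0(s)
\tspid=169 seq=5 pid=6488
\trefcnt=1
203.0.113.1[any] 192.168.2.2[any] any
\tin prio def ipsec
\tesp/tunnel/203.0.113.10-198.51.100.5/require
\tcreated: Apr 30 08:12:20 2009  lastused:
\tlifetime: 0(s) validtime: 0(s)
\tspid=152 seq=8 pid=6488
\trefcnt=1
"""


@dataclass
class Policy:
    src: ipaddress.IPv4Network      # inner (selector) source; a bare host is /32
    dst: ipaddress.IPv4Network      # inner (selector) destination
    proto: str                      # upper-layer protocol selector, e.g. "any"
    direction: str                  # "in", "out" or "fwd"
    mode: str                       # "tunnel" or "transport"
    tunnel: Optional[Tuple[ipaddress.IPv4Address, ipaddress.IPv4Address]]  # outer src/dst
    level: str                      # "require", "use", ...
    spid: int


# A record starts with an unindented "src[port] dst[port] proto" line; the
# indented lines that follow belong to it.
HEADER = re.compile(r"^(\S+?)\[\S+\]\s+(\S+?)\[\S+\]\s+(\S+)\s*$")
DIRECTION = re.compile(r"^\s+(in|out|fwd)\s+prio\b")
PROTECTION = re.compile(r"^\s+(\w+)/(tunnel|transport)/(\S*)/(\w+)\s*$")
SPID = re.compile(r"\bspid=(\d+)")


def parse_spd(text: str) -> List[Policy]:
    """Parse `setkey -DP` output into Policy records."""
    policies: List[Policy] = []
    rec: dict = {}
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if rec:
                policies.append(Policy(**rec))
            rec = {"src": ipaddress.ip_network(m[1], strict=False),
                   "dst": ipaddress.ip_network(m[2], strict=False),
                   "proto": m[3], "direction": "", "mode": "",
                   "tunnel": None, "level": "", "spid": -1}
            continue
        if not rec:
            continue
        if (m := DIRECTION.match(line)):
            rec["direction"] = m[1]
        elif (m := PROTECTION.match(line)):
            rec["mode"], rec["level"] = m[2], m[4]
            if m[2] == "tunnel" and m[3]:
                outer_src, outer_dst = m[3].split("-", 1)
                rec["tunnel"] = (ipaddress.ip_address(outer_src), ipaddress.ip_address(outer_dst))
        elif (m := SPID.search(line)):
            rec["spid"] = int(m[1])
    if rec:
        policies.append(Policy(**rec))
    return policies


def missing_mirrors(policies: List[Policy]) -> List[int]:
    """Return spids of `out` policies that have no `in` twin with swapped
    selectors and swapped tunnel endpoints (the pairing the post's spdadd lines create)."""
    ins = [p for p in policies if p.direction == "in"]
    gaps = []
    for p in policies:
        if p.direction != "out":
            continue
        want_tunnel = (p.tunnel[1], p.tunnel[0]) if p.tunnel else None
        if not any(q.src == p.dst and q.dst == p.src and q.proto == p.proto
                   and q.tunnel == want_tunnel for q in ins):
            gaps.append(p.spid)
    return gaps


def lookup(policies: List[Policy], direction: str, src: str, dst: str,
           proto: str = "any") -> Optional[Policy]:
    """First policy in the given direction whose selectors cover src -> dst.
    None means the packet would leave without IPsec (no SPD entry, so cleartext)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:
        if p.direction == direction and s in p.src and d in p.dst and p.proto in ("any", proto):
            return p
    return None


if __name__ == "__main__":
    spd = parse_spd(SAMPLE_SPD)
    print("out policies without an in mirror:", missing_mirrors(spd))
    hit = lookup(spd, "out", "192.168.2.2", "203.0.113.1")
    print("LAN host -> client server:", hit.spid if hit else "no policy (cleartext)")
    # Illustration only (assumption, not the post's diagnosis): a packet whose source was
    # already rewritten to the gateway's public address matches neither selector.
    hit = lookup(spd, "out", "198.51.100.5", "203.0.113.1")
    print("rewritten source -> client server:", hit.spid if hit else "no policy (cleartext)")
```

Run it against real output by piping `setkey -DP` into `parse_spd`; a non-empty result from `missing_mirrors` or a `None` from `lookup` for the traffic you expect to be protected is the quickest way to see whether the SPD, rather than routing, is why a flow goes out in the clear.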