I currently have one site-to-site IPSEC tunnel configured over our primary Internet circuit, and all is working normally. We also have a DSL Internet connection that we use for backup connectivity, and I am trying to configure a IPSEC tunnel to use that connection, but with no luck. This is what I am seeing thus far:
1) I have configured the connection and everything looks good, however the tunnel never appears to try to connect. The network to which am trying to connect is saying they never see packets from my side.
2) I have verified that I can connect to the Internet using the DSL connection, so there doesn't appear to be a problem with the circuit itself
3) When I try to start the tunnel, I'm getting this message in the live log:
ERROR: "S_Royal VPN Connection" #348: sendto on ppp0 to 207.108.247.253:500 failed in main_outI1. Errno 1: Operation not permitted
4) If I check the packet filter log, I see that the system appears to be dropping the packets it is sending out to initiate the tunnel:
11:15:05 Default DROP UDP 99.2.253.110 : 500
→ 207.108.247.253 : 500
len=280 ttl=64 tos=0x00
(99.2.253.110 is the static IP on my DSL connection, and 207.108.247.253 is the remote gateway to which I am trying to connect)
5) Because of the above, I specifically created packet rules (and placed at the top) to allow this traffic, including any -> any -> 207.108.247.253 and any -> IPSEC-IKE -> any... this didn't have any affect.
I'm using 7.505 on an ASG220. I would appreciate it very much if someone could give me some insight into this issue or suggest a new path to investigate. Just for clarification, I already have the DSL modem in bridge mode and allow the ASG to handle the PPPoE.
Thanks.
This thread was automatically locked due to age.
