Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 10 replies
  • Subscribers 1 subscriber
  • Views 3309 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPSEC VPN - Do i need to add a route?

Rols001
Hey Guys,

Sorry for my Newbism.

I have setup an IPSEC VPN between an ASG (8.001) and a Billion 7404VGO. The tunnel is up but I can't seem to route any traffic between the two networks.

Do I need to manually add some routes to both the ASG & Billion? I thought that as long as the tunnel came up the routing would be automatic? I cant ping any remote addresses from the ASG itself.

If anyone has advice I'd appreciate it.

Cheers


This thread was automatically locked due to age.
Parents
  • 0
    Ok here is an extract from the log. It seems like the PF is dropping the packets because of firewall rule 60003? 

    2011:05:11-01:08:16 astaro ulogd[4476]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="ppp0" srcmac="0:0:xx:xx:xx:xx" srcip="203.xx.xx.xx" dstip="124.xx.xx.xx" proto="51" length="144" tos="0x00" prec="0x00" ttl="64" 
    2011:05:11-01:08:19 astaro ulogd[4476]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="ppp0" srcmac="0:0:xx:xx:xx:xx" srcip="203.xx.xx.xx" dstip="124.xx.xx.xx" proto="51" length="144" tos="0x00" prec="0x00" ttl="64" 
    2011:05:11-01:08:25 astaro ulogd[4476]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="ppp0" srcmac="0:0:xx:xx:xx:xx" srcip="203.xx.xx.xx" dstip="124.xx.xx.xx" proto="51" length="144" tos="0x00" prec="0x00" ttl="64"
  • 0 in reply to Rols001
    Ok well today I tried using another ASG in place of the Billion router just to test - the IPSEC tunnel came up & I was able to route traffic between the two networks just fine.

    So I guess the problem has something to do with the Billion router - even though its clear that the ASG is dropping packets when the tunnel is up........very strange.

    Any thoughts?

    =================================
    Side question - now that I know I can get IPSEC working how do I filter packets between the two networks? For example if I wanted only a few specific ports to be opened between the networks where do I set the rules? I tried adding some rules to the PF but they seem to get ignored.

    Maybe I should start a new thread......

    Thanks for everyone's input so far -> Bob/Barry [:)]
  • 0 in reply to Rols001

    Side question - now that I know I can get IPSEC working how do I filter packets between the two networks? For example if I wanted only a few specific ports to be opened between the networks where do I set the rules? I tried adding some rules to the PF but they seem to get ignored.



    Edit your IPSec connection and uncheck Auto Packet Filter. Then create manual packet filter rules for the specific traffic you want to allow.
  • 0 in reply to dilandau
    Thanks dilandau - Thats working a great!

    As for the Astaro & Billion IPSEC issue does anyone have any ideas why the ASG PF would be dropping packets (rule 60003)?

    I still need to get the ASG & Billion working together.

    Cheers
Reply
  • 0 in reply to dilandau
    Thanks dilandau - Thats working a great!

    As for the Astaro & Billion IPSEC issue does anyone have any ideas why the ASG PF would be dropping packets (rule 60003)?

    I still need to get the ASG & Billion working together.

    Cheers
Children
No Data
Unfiltered HTML