Note: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

[Users] Routing problem?

From: Mimmus (dviggiani_at_tiscalinet.it)
Date: Mon May 06 2002 - 19:05:11 CEST

Next message: Steve Elkins: "Re: [Users] Ipsec device max number???"
Previous message: ipsec_at_timehost.net: "[Users] private ip -> ipsec conn -> ipsec(freeswan) & nat -> internet"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi list,
I have this network:

Host1=========FW1--------...--------FreeS/WAN=========Host2

leftsubnet=a.b.c.d/24
(NAT) (NAT) 192.168.30.0/24
Checkpoint FW-1/NG/FP1 (3DES) with NAT
FreeS/WAN 1.95 with NAT
rightsubnet=192.168.30.0/24

IKE negotiations works fine. Also, if I setup FreeS/WAN without
'rightsubnet=192.168.30.0/24' (i.e. I have only the FreeS/WAN machine), all
is OK and I have encrypted traffic from this machine to private network
a.b.c.d/24.
Instead, if I insert 'rightsubnet=...', I'm unable to ping any host from/to
both networks 192.168.30.0/24 and a.b.c.d/24.
If I ping Host1 from Host2, I see decrypted ICMP8-request packet through
FW-1, the packet reachs Host2, there is ICMP0-response but this 'dies' on
the FW-1 gateway.
In my opinion, FW-1 sees no path to the remote network.

Have you any idea or suggestion?
Thanks in advance for any help.

Bye from Italy
Domenico Viggiani

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

Next message: Steve Elkins: "Re: [Users] Ipsec device max number???"
Previous message: ipsec_at_timehost.net: "[Users] private ip -> ipsec conn -> ipsec(freeswan) & nat -> internet"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:57 CEST