[Users] pinging from freeswan box

From: psnizek_at_belfin.ch
Date: Tue Jan 14 2003 - 14:32:34 CET

• Next message: Joop Marijne: "RE: [Users] what is causing protocol/port in Phase 1 ID Payload must be 0/0 or 17/500 but are 17/0"
• Previous message: Ken Bantoft: "Re: [Users] what is causing protocol/port in Phase 1 ID Payload must be 0/0 or 17/500 but are 17/0"
• Next in thread: claudio_at_profiletecnologia.com.br: "[Users] Freeswan - Cisco"
• Reply: claudio_at_profiletecnologia.com.br: "[Users] Freeswan - Cisco"
• Reply: Sam Sgro: "Re: [Users] pinging from freeswan box"
• Maybe reply: psnizek_at_belfin.ch: "RE: [Users] pinging from freeswan box"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi all,

today I build up two vpns (it quite easy and without problems):

lan - netscreen <-> freeswan 1.98b box
lan - sonicwall <-> freeswan 1.98b box

The tunnels are getting established and I can connect to the freeswan box'
lan if from the lan behind each hardware firewall.
If I'm on the freeswan box I can't ping the boxes neither behind the
sonicwall nor behind the netscreen. All filters on the freeswan box are
disabled.
This freeswan box later is intended to be an IDS. Therefore I also intend to
bind all deamons to the lan if which is not attached to any lan. Traffic
(emails etc) should go through the tunnel.

is there something special to consider?

Thanks a lot & regards,
Philipp

Connection Log:
carbon:/etc # ipsec auto --up sonicwall-ids
104 "sonicwall-ids" #1: STATE_MAIN_I1: initiate
106 "sonicwall-ids" #1: STATE_MAIN_I2: sent MI2, expecting MR2
003 "sonicwall-ids" #1: ignoring Vendor ID payload
003 "sonicwall-ids" #1: ignoring Vendor ID payload
003 "sonicwall-ids" #1: ignoring Vendor ID payload
108 "sonicwall-ids" #1: STATE_MAIN_I3: sent MI3, expecting MR3
004 "sonicwall-ids" #1: STATE_MAIN_I4: ISAKMP SA established
112 "sonicwall-ids" #2: STATE_QUICK_I1: initiate
003 "sonicwall-ids" #2: ignoring informational payload, type
IPSEC_RESPONDER_LIFETIME
004 "sonicwall-ids" #2: STATE_QUICK_I2: sent QI2, IPsec SA established
carbon:/etc # ipsec auto --up netscreen-ids
104 "netscreen-ids" #3: STATE_MAIN_I1: initiate
003 "netscreen-ids" #3: ignoring Vendor ID payload
003 "netscreen-ids" #3: ignoring Vendor ID payload
106 "netscreen-ids" #3: STATE_MAIN_I2: sent MI2, expecting MR2
108 "netscreen-ids" #3: STATE_MAIN_I3: sent MI3, expecting MR3
004 "netscreen-ids" #3: STATE_MAIN_I4: ISAKMP SA established
112 "netscreen-ids" #4: STATE_QUICK_I1: initiate
004 "netscreen-ids" #4: STATE_QUICK_I2: sent QI2, IPsec SA established
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: Joop Marijne: "RE: [Users] what is causing protocol/port in Phase 1 ID Payload must be 0/0 or 17/500 but are 17/0"
• Previous message: Ken Bantoft: "Re: [Users] what is causing protocol/port in Phase 1 ID Payload must be 0/0 or 17/500 but are 17/0"
• Next in thread: claudio_at_profiletecnologia.com.br: "[Users] Freeswan - Cisco"
• Reply: claudio_at_profiletecnologia.com.br: "[Users] Freeswan - Cisco"
• Reply: Sam Sgro: "Re: [Users] pinging from freeswan box"
• Maybe reply: psnizek_at_belfin.ch: "RE: [Users] pinging from freeswan box"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.5 : Wed Jan 15 2003 - 20:11:39 CET