Guys,
As a school assignment I have to build a site-to-site VPN between two monowall firewalls. I've tried setting this up using various manuals, but it doesn't seem to work so far. The general idea is to have two companies connected to each other's network.
I'm able to ping both firewalls (on the WAN side) with the built-in ping utility in the web interface of Monowall, so I can conclude that the connection itself is there. Also I read somewhere to allow ESP traffic, so I've applied a rule on the WAN interface to pass the protocol ESP from any source on any port to any destination on both firewalls.
So I don't know if my initial config is right:
SuperStar-GAT01
WAN IP: 192.168.1.2
Subnet: 255.255.255.0 (/24)
LAN IP: 192.168.3.1
Subnet: 255.255.255.0 (/24)
DMZ ip: 192.168.2.1
Subnet: 255.255.255.0 (/24) (shouldn't be in the site-to-site VPN)
SuperStar-GAT02
WAN IP: 192.168.1.3
Subnet: 255.255.255.0 (/24)
LAN IP: 192.168.3.2
Subnet: 255.255.255.0 (/24)
Both machines are connected to a Linksys router which has the IP 192.168.1.1 (gateway of both firewalls).
I've set up both machines using the same settings, except the remote subnet and remote gateway.
The config of SuperStar-GAT01
Mode: Tunnel
Disabled: not checked
Interface: WAN
Local Subnet: Type: Lan Subnet
Remote subnet: 192.168.3.0 / 24
Remote gateway: 192.168.1.3 (The WAN IP of SuperStar-GAT02)
Phase 1
Negotiation mode: Aggressive
My identifier: My IP address
Encryption algorithm: 3DES
Hash Algorithm: SHA1
DH Key Group: 2
Lifetime: (Blank)
Authentication mode: Pre-Shared key
Pre-Shared key: EIC7APNb (the firewall won't be reachable over the internet so....)
Certificate: (Blank)
Key: (Blank)
Peer certificate: (Blank)
Phase 2
Protocol: ESP
Encryption algorithms:
- DES (so not checked)
[v] 3DES
[v] Blowfish
[v] CAST128
[v] Rijndael (AES)
Hash algorithm:
[v] SHA1
[v] MD5
PFS key group: off
Lifetime: (Blank)
The config of SuperStar-GAT02
Mode: Tunnel
Disabled: not checked
Interface: WAN
Local Subnet: Type: Lan Subnet
Remote subnet: 192.168.3.0 / 24
Remote gateway: 192.168.1.2 (The WAN IP of SuperStar-GAT01)
Phase 1
Negotiation mode: Aggressive
My identifier: My IP address
Encryption algorithm: 3DES
Hash Algorithm: SHA1
DH Key Group: 2
Lifetime: (Blank)
Authentication mode: Pre-Shared key
Pre-Shared key: EIC7APNb (the same as SuperStar-GAT01)
Certificate: (Blank)
Key: (Blank)
Peer certificate: (Blank)
Phase 2
Protocol: ESP
Encryption algorithms:
- DES (so not checked)
[v] 3DES
[v] Blowfish
[v] CAST128
[v] Rijndael (AES)
Hash algorithm:
[v] SHA1
[v] MD5
PFS key group: off
Lifetime: (Blank)
I've saved the config and applied it, but there is no way to see if the connection is made; I cannot ping from one workstation on one network to the other network.
Please help me out here,
Thanks,
r00ster
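The two tunnel definitions above have to mirror each other exactly, and the usual way to find out why an IPsec tunnel never comes up is to line the two sides up and compare them field by field. The script below is an added example from the editor, not code from the poster or from m0n0wall: it models each endpoint as a small record, derives each LAN subnet from the LAN IP and mask given in the post, and checks the things that must agree between peers (remote gateway equals the peer's WAN IP, remote subnet equals the peer's LAN subnet, matching pre-shared key and Phase 1 parameters, at least one Phase 2 algorithm in common, same PFS setting) plus the one thing that must not happen on either side: a local subnet that overlaps the remote subnet, since the firewall will then route traffic for the far site as local and never put it into the tunnel. The default values are the ones from the post; the pre-shared key is replaced by a placeholder string.

```python
"""Consistency checks for a two-endpoint IPsec site-to-site tunnel definition.

Added example (editor's code, not m0n0wall's); endpoint values are taken from
the forum post above, with the pre-shared key replaced by a placeholder.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Endpoint:
    """One side of the tunnel as it is entered in the firewall's IPsec page."""
    name: str
    wan_ip: str
    local_subnet: str        # CIDR of the LAN behind this firewall
    remote_subnet: str       # CIDR of the LAN behind the peer
    remote_gateway: str      # WAN IP of the peer
    psk: str
    p1_mode: str
    p1_enc: str
    p1_hash: str
    p1_dh: int
    p2_enc: frozenset        # Phase 2 encryption algorithms offered
    p2_hash: frozenset       # Phase 2 hash algorithms offered
    p2_pfs: str


def lan_subnet(lan_ip: str, prefix: int) -> str:
    """'192.168.3.1', 24 -> '192.168.3.0/24' (the network the LAN IP sits in)."""
    return str(ip_network(f"{lan_ip}/{prefix}", strict=False))


def check_pair(a: Endpoint, b: Endpoint) -> list[str]:
    """Return a list of human-readable findings; an empty list means consistent."""
    findings: list[str] = []
    for x, y in ((a, b), (b, a)):
        if x.remote_gateway != y.wan_ip:
            findings.append(f"{x.name}: remote gateway {x.remote_gateway} "
                            f"is not {y.name}'s WAN IP {y.wan_ip}")
        if ip_network(x.remote_subnet) != ip_network(y.local_subnet):
            findings.append(f"{x.name}: remote subnet {x.remote_subnet} "
                            f"is not {y.name}'s LAN subnet {y.local_subnet}")
        if ip_network(x.local_subnet).overlaps(ip_network(x.remote_subnet)):
            findings.append(f"{x.name}: local subnet {x.local_subnet} overlaps "
                            f"remote subnet {x.remote_subnet}; traffic for the "
                            f"far site is treated as local and never enters the tunnel")
    if ip_network(a.local_subnet).overlaps(ip_network(b.local_subnet)):
        findings.append(f"the two LANs ({a.local_subnet} and {b.local_subnet}) overlap; "
                        f"a site-to-site tunnel needs distinct subnets on each side")
    if a.psk != b.psk:
        findings.append("pre-shared keys differ")
    for attr in ("p1_mode", "p1_enc", "p1_hash", "p1_dh"):
        if getattr(a, attr) != getattr(b, attr):
            findings.append(f"Phase 1 {attr} differs: "
                            f"{getattr(a, attr)!r} vs {getattr(b, attr)!r}")
    if not (a.p2_enc & b.p2_enc):
        findings.append("no Phase 2 encryption algorithm in common")
    if not (a.p2_hash & b.p2_hash):
        findings.append("no Phase 2 hash algorithm in common")
    if a.p2_pfs != b.p2_pfs:
        findings.append(f"PFS setting differs: {a.p2_pfs!r} vs {b.p2_pfs!r}")
    return findings


def build_endpoints(gat02_lan_ip: str = "192.168.3.2",
                    gat01_remote_subnet: str = "192.168.3.0/24") -> tuple[Endpoint, Endpoint]:
    """Construct both endpoints; defaults are the values from the post."""
    common = dict(psk="PSK-PLACEHOLDER", p1_mode="aggressive", p1_enc="3des",
                  p1_hash="sha1", p1_dh=2,
                  p2_enc=frozenset({"3des", "blowfish", "cast128", "aes"}),
                  p2_hash=frozenset({"sha1", "md5"}), p2_pfs="off")
    gat01 = Endpoint(name="SuperStar-GAT01", wan_ip="192.168.1.2",
                     local_subnet=lan_subnet("192.168.3.1", 24),
                     remote_subnet=gat01_remote_subnet,
                     remote_gateway="192.168.1.3", **common)
    gat02 = Endpoint(name="SuperStar-GAT02", wan_ip="192.168.1.3",
                     local_subnet=lan_subnet(gat02_lan_ip, 24),
                     remote_subnet="192.168.3.0/24",
                     remote_gateway="192.168.1.2", **common)
    return gat01, gat02


if __name__ == "__main__":
    for finding in check_pair(*build_endpoints()) or ["no inconsistencies found"]:
        print("-", finding)
```

Run as-is, the script reports only overlap findings for the configuration in the post: both firewalls derive the same LAN subnet, so each side's local subnet is also its remote subnet. Calling `build_endpoints(gat02_lan_ip="192.168.4.2", gat01_remote_subnet="192.168.4.0/24")` models the second site on a different LAN with GAT01's remote subnet adjusted to match, and the check then returns no findings. The comparison only catches mismatches between the two sides; it does not judge the strength of the algorithms chosen.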