Topic: Ipsec Nat the issue?  (Read 334 times)
« on: November 12, 2014, 01:35:16 »
brightidea *
Posts: 3

I have an IPsec that establishes and nodes on the LAN can communicate with the VPN nodes, but not the other way round.

Really racking my brain on this one, but want to put a question your way.

The lan is 10.52.1.0/24
The remote network is 10.125.125.0/24

I have enabled logging on the default rule on IPsec and I can see the allowed connection attempts from the remote network on the m0n0wall logs, but the LAN nodes don't. I've put Wireshark on with all firewall settings on the LAN node switched off.

The following caught my eye

Code:

Nov 11 16:29:46 racoon: INFO: 10.0.0.254[4500] used as isakmp port (fd=33)
Nov 11 16:29:46 racoon: INFO: 10.0.0.254[4500] used for NAT-T
Nov 11 16:29:46 racoon: INFO: 10.0.0.254[500] used as isakmp port (fd=32)
Nov 11 16:29:46 racoon: INFO: 10.0.0.254[500] used for NAT-T

Is the NAT, the attempts to use 10.0.0.254, to blame here?
If so, how can I fix it?
If not, has anyone else had a similar issue at all and resolved it?
« Reply #1 on: November 13, 2014, 01:54:16 »
Lee Sharp *****
Posts: 517

Is the WAN using private IP addresses? And are you denying private IPs on the WAN?
 