Welcome, Guest. Please login or register.
Did you miss your activation email?
Tuesday 26 November 2024, 05:52:37 am

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  VPN Support
| | |-+  Really stuck setting up IPSec - unsure of settings for my Net 2 Net
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Really stuck setting up IPSec - unsure of settings for my Net 2 Net  (Read 13522 times)
clarose
Jr. Member
*
Offline Offline

Posts: 7


« on: Monday 07 July 2014, 03:36:04 am »

Remote site 10.10.x.x internal, 123.123.123.1 public
Machine on their INTERNAL network makes request to 172.16.16.1 which is intercepted and sent by their firewall to our PUBLIC IP address handled by Endian 3.0 Community

Our internal is 192.168.3.0/24

My IPSEC Settings:
Local IntFace:  Uplink (RED)
Local subnet:  192.168.3.0/24
Remote IP:     123.123.123.1
Remote subnet: 10.10.0.0/16
All the encryption and PSK is setup and correct.

What do I need to do to "see" the request the remote side made to 172.16.16.1?  Does it show up on the Endian as 172.x.x.x or 10.10.x.x?
Do I put in an incoming route for 10 series or 172 series? 

IPSec connection shows "Connected" but always sending retransmit packets:
ipsec 08[NET] sending packet: from (OUR PUBLIC IP)[500] to (Their Public IP)[500] (76 bytes)
ipsec 08[IKE] sending retransmit 3 of request message ID 2230995878, seq 4

I am at a loss.
Logged
djkouza
Jr. Member
*
Offline Offline

Posts: 2


« Reply #1 on: Tuesday 23 September 2014, 08:31:08 am »

It could all depend on the remote firewall. 

But for what it's worth, here is a setup I have that is working.

I have a Endian 3.0 in Site A with local IP 192.168.x.x/16  and a Juniper in site B with local IP 10.33.x.x/16.  On the Endian side nothing short of setting up the IPsec tunnel was needed.  On the Juniper side I had to setup the IPsec connection, then a route for traffic as well as firewall policies to allow traffic through.  (note:  from what I can tell it's a bug that EFW 3.0 currently doens't allow firewall of the IPsec connection, so once fixed Endian MAY need some firewall policies as well)

Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.063 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com