Title: IPSEC Tunnel port policy check failure
Post by: xnecio on Saturday 10 April 2010, 01:06:57 am

Hello endian community :)

First of all, my knowledge about IPsec and EFW is pretty poor, because I am new to the IPsec topic - sorry for that. I have a question about establishing an IPsec tunnel to another company.

The tunnel:

Code:
192.168.182.0/24===88..250---88..249...88..249---213..3===10.43.10.118/32

The problem occurs when the two firewalls try to establish the IPSEC SA. #ipsec auto --status displays the following:

Code:
000 #190: "VPN":500 STATE_QUICK_I1 (sent QI1, expecting QR1); EVENT_RETRANSMIT in 15s; lastdpd=-1s(seq in:0 out:0)

The "OtherCompany" told me that I have to add a rule to my tunnel which says that only port 2049 is allowed. So I tried to add the following rule/policy:

Code:
src 10.43.10.118/32 dst 192.168.182.0/24 via TCP2049

But where do I have to add this rule? I found 3 possible points:

- Network - Routing - Policy Routing ?
- Firewall - Outgoing Traffic ?
- Firewall - VPN Traffic ?

The "OtherCompany" now checks, during the tunnel setup process, if my EFW has defined this policy. The "OtherCompany" IT employee says that my EFW doesn't send this information. He told me that my EFW always sends 0 -> but I don't know where I can activate the feature so that my EFW sends this information.

If the "OtherCompany" disables the "portcheck" or the "policycheck" (sorry, I don't know the special word for it) then the tunnel is established successfully ???

Thanks for your time, best regards. Please tell me if you need additional information.
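Added example, not from the original post or from Endian: the port restriction the other side is asking about is a Phase 2 (Quick Mode) traffic selector, not a routing or firewall rule. In Openswan/FreeS/WAN style ipsec.conf (the IPsec stack Endian Firewall is built on), it is expressed with leftprotoport/rightprotoport on the conn. When these are absent, Quick Mode sends protocol 0 and port 0 for the selector (which is the "always sends 0" the other side sees). The gateway addresses below are placeholders because the post elides them; the conn name "VPN" and the subnets are taken from the post, and which side should carry port 2049 is an assumption that must match the other company's policy.

```ini
; --- as it is now (assumed): no protocol/port selector, Quick Mode offers proto 0 / port 0
conn VPN
    left=<local-public-ip>          ; placeholder, not in the post
    leftsubnet=192.168.182.0/24
    right=<remote-public-ip>        ; placeholder, not in the post
    rightsubnet=10.43.10.118/32
    auto=start

; --- with the selector the other side expects: only TCP/2049 inside the tunnel
conn VPN
    left=<local-public-ip>          ; placeholder, not in the post
    leftsubnet=192.168.182.0/24
    leftprotoport=tcp/2049          ; protocol 6, port 2049 for the local side
    right=<remote-public-ip>        ; placeholder, not in the post
    rightsubnet=10.43.10.118/32
    rightprotoport=tcp/2049         ; must agree with what the peer's policy checks
    auto=start
```

After changing the conn, restarting the tunnel and re-running ipsec auto --status should show the SA leaving STATE_QUICK_I1; if the peer only restricts the port on one side (for example the NFS server side), set that side to tcp/2049 and the other to tcp so the selectors match what the peer proposes.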