Welcome, Guest. Please login or register.
Did you miss your activation email?
Tuesday 19 November 2024, 09:39:53 am

Login with username, password and session length

CLICK HERE for the The official Endian Roadmap and Issue tracker
14258 Posts in 4377 Topics by 6515 Members
Latest Member: hulteends
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  VPN Support
| | |-+  VPN between two efw-2.4 firewalls established but traffic won't pass
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: VPN between two efw-2.4 firewalls established but traffic won't pass  (Read 11920 times)
rwebb616
Full Member
***
Offline Offline

Posts: 16


« on: Saturday 20 August 2011, 04:13:27 am »

Hi,

I have two Endian 2.4 machines that have a VPN established between them but clients behind the firewalls cannot ping the other side.  If I SSH into the firewall the firewall can ping the other side without issue. 

If I enable the NAT option on the client side then there is one-way communication which helps, but is not what we need.  We need to be able to have two-way communication between the boxes.

I am setting up client to server in routed mode.  I've listed the network behind client in the user setup.  My setup is basically this:

172.16.14.0 (client network) ---> Red Int to the Internet --->  Red Int on server ---> 172.16.12.0 (server network)

Before anyone suggests turning on the vpn firewall and configuring it, I have done that.  I have both sides allowing any/any on the vpn firewall.  I've also tried it with the vpn firewall turned off.

I am thinking the configuration is correct as I have a similar vpn set up between a  of 2.1.2 firewalls and it works.  I don't know if I'm just missing an option somewhere or what.

Thanks in advance!

-Rich
Logged
plucky_84
Jr. Member
*
Offline Offline

Posts: 1


« Reply #1 on: Friday 14 October 2011, 03:10:58 am »

I assume this is a site to site, or net 2 net VPN connection and using IPsec for the VPN.

I have IPsec running smoothly on 6 endian firewall and all traffic goes through. This is what I did.

Turned off VPN firewall.
Turn off outgoing traffic firewall as well just to be sure. can turn on after vpn connection is made and test connection with outgoing traffic firewall turned on.

IPSec tunnels:

at Site1:
Add new net 2 net vpn
interface = Uplink Main (only have 1 uplink on my firewalls)
remote host/IP 88.88.88.88 (whatever your static IP is for remote site2 with endian firewall)
local subnet 192.168.100.0/24
remote subnet 192.168.200/24
remote id & local id: left blank. (if you are going to use this, make sure local id matches the remote id on the remote endian firewall; vice versa on remote id)
Dead peer detection action: Restart

Authentication:
Pre-Shared Key: (use your own private key; can be anything but this must be entered exactly on the remote endian firewall)

under advance settings:
make sure settings you choose matches on the remote endian firewall as well.


On remote site2 endian firewall:
use all the same as above except:
remote host ip: (point to site1 static IP)
local subnet: 192.168.200.0/24
remote subnet: 192.168.100.0/24

hopefully this helps a bit. I'm in the process of switching over to OpenVPN.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.063 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com