Hello endian community
first of all, my knowledge about ipsec and efw is pretty poor, because i am new to the ipsec thematic - sorry for that.
i have a question about establishing an ipsec tunnel to a other company.
The Tunnel
192.168.182.0/24===88..250---88..249...88..249---213..3===10.43.10.118/32
Phase 1 is established -> OK.
The problem occurs when the two firewalls try to establish the IPSEC SA
#
ipsec auto --status displays the following:
000 #190: "VPN":500 STATE_QUICK_I1 (sent QI1, expecting QR1); EVENT_RETRANSMIT in 15s; lastdpd=-1s(seq in:0 out:0)
000 #1: "VPN":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 15032s; newest ISAKMP; lastdpd=13148s(seq in:20873 out:0)
0
The "OtherCompany" told me, that i have to add a rule to my tunnel, which says that only port 2049 is allowed. so i tried to add the following rule/policy:
src 10.43.10.118/32 dst 192.168.182.0/24 via TCP2049
src 192.168.182.0/24 dst 10.43.10.118/32 via TCP2049
But where do i have to add this rule? I found 3 possible points:
Network - Routing - Policy Routing ?
Firewall - Outgoing Traffic ?
Firewall - VPN Traffic ?
The "OtherCompany" now checks, during the tunnel setup process, if my EFW has defined these policy. The "OtherCompany" IT employe says that my EFW doesnt send these information. He told my that my efw always send 0 -> but i don't know where i can aktivate the feature, that my EFW sends these information.
If the "OtherCompany" disables the "portcheck" or the "policycheck" (sorry, i don't now the special word for it) then the tunnel is established successfull
Thanks for your time,
best regards.
Please tell me if you need additional information.
Author