|
|
Sponsored Content
Operating Systems
BSD
Problem on IPSec
Post 302537632 by aulia on Friday 8th of July 2011 08:31:07 PM
07-08-2011
Problem on IPSec
Hi, this is my first post...
Hello Admin
Can I have an ask for something with my configuration ?
I have finished some kind of the tutorial to build ipsec site to site, and the "step" has finished completely.
I have a simulation with a local design topology with two PC's (FreeBSD 7.0) and the replace for public network (internet media) with a single switch device in the middle, it's look like this :
(PC-A)
Local Network A : 192.168.0.1/24
Network (Gateway) A : 202.10.10.1/24
SWITCH
(PC-B)
Network (Gateway) B : 202.10.10.2/24
Local Network B : 172.168.0.1/24
I got connect all this host by used a static routing, at first the communication between two site is completely connect eg. (Ping to Local Network B to Local Network A).
but when I've finished config the tunnel (GIF interface), started the racoon and ipsec daemon with those all configuration, I can't any longer ping the outside local network (Request Time out).
and sure there's no ESP protokol packet in the output of tcpdump on the traffic, I've tried Racoon-F command too, but the output is stack and look's not running.
Please, any suggest from this problem
I'm really appreciated with the respons, Thank's in advance
Aulia.
Hello Admin
Can I have an ask for something with my configuration ?
I have finished some kind of the tutorial to build ipsec site to site, and the "step" has finished completely.
I have a simulation with a local design topology with two PC's (FreeBSD 7.0) and the replace for public network (internet media) with a single switch device in the middle, it's look like this :
(PC-A)
Local Network A : 192.168.0.1/24
Network (Gateway) A : 202.10.10.1/24
SWITCH
(PC-B)
Network (Gateway) B : 202.10.10.2/24
Local Network B : 172.168.0.1/24
I got connect all this host by used a static routing, at first the communication between two site is completely connect eg. (Ping to Local Network B to Local Network A).
but when I've finished config the tunnel (GIF interface), started the racoon and ipsec daemon with those all configuration, I can't any longer ping the outside local network (Request Time out).
and sure there's no ESP protokol packet in the output of tcpdump on the traffic, I've tried Racoon-F command too, but the output is stack and look's not running.
Please, any suggest from this problem
I'm really appreciated with the respons, Thank's in advance
Aulia.
|
|
9 More Discussions You Might Find Interesting
1. Solaris
Hi,
does anyone have an experience how many IPSec tunnels Solaris 10 is able manage. A rough estimation would be great.
I know it's hardly dependent on the hardware used, so if anyone says on a 490 with 2 CPUs and 4GB RAM a maximum of 1000 IPSec tunnels is possible, that would be great.
I... (1 Reply)
Discussion started by: blombo
1 Replies
2. Cybersecurity
Hi,
I am facing problem while setting up ISAKMP between two hosts.
I can see only the Initiator messages but no responder messages in tcpdump. Does anyone know the cause of this behaviour?
FYI, here is the extracted information from tcpdump :
14:47:08.699113 IP 10.118.231.143.isakmp >... (0 Replies)
Discussion started by: universalTechie
0 Replies
3. IP Networking
Hello,
I'm trying to setup a gateway VPN between two routers across an unsecured network between two local networks. The routers are both linux and I'm using the ipsec tools, racoon and setkey. So far hosts from either local net can successfully ping hosts on the other local net without issue.
... (0 Replies)
Discussion started by: salukibob
0 Replies
4. Red Hat
Hi,
I am trying to set a policy between 2 machines for all the ports except for 22 i.e. for tcp - basically I want to bypass ssh. But my policy doesn't seem to work. Here are the entries
spdadd 1.2.3.4 4.3.2.1 any -P out prio 100 ipsec esp/transport//require ah/transport//require;
spdadd... (0 Replies)
Discussion started by: ahamed101
0 Replies
5. UNIX for Advanced & Expert Users
How can i implement Ipsec between two machines in linux_ ubuntu?
any link?? suggestion?? (0 Replies)
Discussion started by: elinaz
0 Replies
6. Cybersecurity
hello,
after configuration ipsec in ip4 I can not ping between client and server whereas I had success ping before configuration!
I also generate different key for AH and ESP as i have shown below.
what is my problem and what should i do to have ping and test the configuration?
code:
... (0 Replies)
Discussion started by: elinaz
0 Replies
7. AIX
Hi Guys,
Please could you tell me if it is possible to have a single rule/filter to allow a certain port range instead of a separate rule for each port?
I'm sure it must be possible but I am unable to find the syntax.
Thanks
Chris (4 Replies)
Discussion started by: chrisstevens
4 Replies
8. IP Networking
Hi all,
I have installed Openswan and configured IPSec and works perfect, but for some unknown reasons it stop working. I see that the tunnels are up and established. The route to the destination are added. Everything by the book seems to be ok. But somehow when i start to ping the other side (... (4 Replies)
Discussion started by: ivancd
4 Replies
9. Solaris
I want a lan encrypted with ipsec.
This is my /etc/inet/ike/config
p1_xform
{ auth_method preshared oakley_group 5 auth_alg sha256 encr_alg aes }
p2_pfs 2
this is my /etc/inet/secret/ike.preshared
# ike.preshared on hostA, 192.168.0.21
#...
{ localidtype IP
localid... (1 Reply)
Discussion started by: Linusolaradm1
1 Replies
LEARN ABOUT HPUX
ipsec_config_batch
ipsec_config_batch(1M) ipsec_config_batch(1M) NAME
ipsec_config_batch - allow for processing of IPsec config operations in a single batch file SYNOPSIS
batch_file_name profile_file] DESCRIPTION
The command allows you to specify multiple and operations in a single batch file for processing. HP-UX IPSec processes the operations in a batch file as a group. This mode is useful if you are adding or deleting configuration records that may affect other records. If one operation is invalid, all operations in the batch file fail. The utility first verifies each operation in the batch file for syntax errors and collisions (object names and priority values) with existing entries in the configuration database. If all operations in the batch file are valid, the HP-UX IPSec infrastructure updates the configuration database with all operations at the same time. If HP-UX IPSec is active and running, the HP-UX IPSec infrastructure also updates the runtime policy database. Options and Operands The batch operation recognizes the following options and operands: batch_file_name The name of the batch file containing and operations. A batch file cannot contain operations that operate on the following objects: For example, the operation is illegal in a batch file. In addition, a batch file cannot contain the following commands: o does not allow recursive batch files) or commands. o o Lines starting with a pound sign are interpreted as comments. Comment lines within an operation are not allowed. Maximum length: 1023 characters. Default: None. The utility verifies the and operations, but does not add or delete entries in the configuration database. This option applies to all operations in the batch file. Individual operations in the batch file cannot specify the option. Specifies the name of the profile file containing default argument values for this policy. The argument values are evaluated once, when the policy is added to the configuration database. Val- ues used from the profile file become part of the configuration record for the policy. This argument applies to all operations in the batch file. Individual operations in the batch file cannot specify the profile argument. Maximum length: 1023 characters. Default: EXAMPLES
The file contains the following entries: AUTHOR
was developed by HP. FILES
configuration database. default profile file. SEE ALSO
ipsec_admin(1M), ipsec_config(1M), ipsec_config_add(1M), ipsec_config_delete(1M), ipsec_config_export(1M), ipsec_config_show(1M), ipsec_migrate(1M), ipsec_policy(1M), ipsec_report(1M). HP-UX IPSec Software Required ipsec_config_batch(1M)