<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252">
<META content="MSHTML 6.00.2800.1170" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV> </DIV>
<DIV style="FONT: 10pt arial">----- Original Message -----
<DIV style="BACKGROUND: #e4e4e4; font-color: black"><B>From:</B> <A
title=shamblett@cwazy.co.uk href="mailto:shamblett@cwazy.co.uk">Steve
Hamblett</A> </DIV>
<DIV><B>To:</B> <A title=stephen.hamblett@thalesgroup.com
href="mailto:stephen.hamblett@thalesgroup.com">stephen.hamblett@thalesgroup.com</A>
</DIV>
<DIV><B>Sent:</B> Thursday, December 21, 2006 2:46 PM</DIV>
<DIV><B>Subject:</B> Net to Net connection question.</DIV></DIV>
<DIV><BR></DIV>
<DIV><FONT face=Arial size=2>Hi,</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>I have the following setup:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>(192.168.0.253) - Local laptop running
FC6</FONT></DIV>
<DIV><FONT face=Arial size=2>||</FONT></DIV>
<DIV><FONT face=Arial size=2>(xxx.xxx.xxx.xxx)/(192.168.0.1) - Local
server/firewall/router running FC6</FONT></DIV>
<DIV><FONT face=Arial size=2>||</FONT></DIV>
<DIV><FONT face=Arial size=2>-- internet</FONT></DIV>
<DIV><FONT face=Arial size=2>||</FONT></DIV>
<DIV><FONT face=Arial size=2>(yyy.yyy.yyy.yyy) - Remote watchguard soho 6 VPN
box</FONT></DIV>
<DIV><FONT face=Arial size=2>||</FONT></DIV>
<DIV><FONT face=Arial size=2>(aaa.aaa.aaa.aaa) - Remote network</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>When I run openswan from my laptop to set up a
net-to-net tunnel (pre-shared key) through the soho 6 VPN box all works
well, I can see all machines on the remote net through the tunnel as expected;
however, if I run openswan on my local server machine and change the conn
details appropriately to use its local address (192.168.0.1) and the correct
eth device (as this has 2) then the tunnel comes up but I can't see the
remote net. Pinging seems to not go down the tunnel, i.e. I get ICMP replies back
from routers on my internet subnet, hence I can't see the remote subnet from this
machine. I've obviously missed something here; note that I'm trying to do this
without touching any other parameters on any other box, i.e. no changes to my
local server or watchguard box, just by changing openswan conn parameters alone.
Is this possible? </FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>I can post conn files and ipsec verify etc. if
needed; indeed 'ipsec verify' when run on my server machine does complain about
ICMP redirects, but as said above I don't want to change anything at the machine
level if I can help it.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Thanks in advance</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Steve H.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
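<DIV><FONT face=Arial size=2>One common cause of exactly this symptom, added here as an illustration and not part of Steve's message or his conn file: when Openswan runs on the gateway itself, traffic the gateway originates (such as the ping) is sourced from the address the kernel chooses for the default route, i.e. the public xxx.xxx.xxx.xxx, which lies outside leftsubnet, so it never matches the tunnel's policy and leaves in the clear, which is why upstream routers answer it. The conn below keeps the poster's placeholder addresses, assumes a /24 remote network and left= set to the public address, and uses leftsourceip as the conn-only parameter that makes the gateway's own packets match.</FONT></DIV>

```ini
# Added example of a gateway-side conn, not the poster's actual configuration.
# Placeholders from the message: xxx.xxx.xxx.xxx = gateway public address,
# yyy.yyy.yyy.yyy = SOHO 6, aaa.aaa.aaa.0/24 = remote network (assumed /24).
conn soho6
    authby=secret
    left=xxx.xxx.xxx.xxx          # address on the interface facing the peer,
                                  # not the inside address 192.168.0.1
    leftsubnet=192.168.0.0/24
    leftsourceip=192.168.0.1      # the gateway's OWN traffic (ping, ssh) is then
                                  # sourced from inside leftsubnet and matches the
                                  # policy; without it the kernel picks
                                  # xxx.xxx.xxx.xxx and the packet bypasses the tunnel
    right=yyy.yyy.yyy.yyy
    rightsubnet=aaa.aaa.aaa.0/24
    auto=start
```

<DIV><FONT face=Arial size=2>For a one-off check without editing the conn, pinging with an explicit inside source (ping -I 192.168.0.1 &lt;remote host&gt;) exercises the same policy match; if that works and the plain ping does not, the source-address selection is the problem rather than the tunnel.</FONT></DIV>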
<DIV><FONT face=Arial size=2></FONT> </DIV></BODY></HTML>