[Openswan Users] server VPN-FREESWAN behind Firewall with static nat {Scanned for Viruses and Spam}
fran
ursala at samtek.es
Tue Apr 5 12:13:25 CEST 2005
Hello everyone:
In my network, my VPN server (SERVER_A) is on the internal network, so the ipsec0 interface is 172.17.0.51 (a private IP).
In my ipsec.conf my gateway is 172.17.0.51 (left=172.17.0.51), but when this IP arrives at my firewall,
it is NATed (static NAT) to a public IP to go out to the internet (for example, to 80.45.12.28).
The other side of the VPN (SERVER_B) must have right=80.45.12.28 in its ipsec.conf because it sees the packets arrive
from the public IP (80.45.12.28), but during IKE negotiation an error occurs because the gateway that SERVER_A
communicates is 172.17.0.51 and not 80.45.12.28:
Mar 15 09:48:38 fwint Pluto[7678]: "monteftp" #2: max number of retransmissions (2) reached STATE_MAIN_R2
Mar 15 09:48:39 fwint Pluto[7678]: "monteftp" #4: responding to Main Mode
Mar 15 09:48:41 fwint Pluto[7678]: "monteftp" #4: no suitable connection for peer '172.17.0.51'
This is the problem: SERVER_B must have right=80.45.12.28 in its ipsec.conf because that is the IP it sees the packets arrive from and sends
packets to, but in the IKE negotiation SERVER_A tells SERVER_B that SERVER_A is 172.17.0.51 and not 80.45.12.28,
which causes the error: no suitable connection for peer '172.17.0.51'
SERVER_A--------------FIREWALL ----------internet-------------- SERVER_B
172.17.0.51(nated to:)80.45.12.28
I need a solution.
Thanks.
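
An added example, not part of the original post and not Openswan code: a small Python check that reads the Pluto log lines quoted above and reports when the ID a peer presented during IKE differs from the ID the responder's connection expects. The SERVER_B ipsec.conf fragment is constructed (only the connection name and right=80.45.12.28 come from the post), and the function names are hypothetical.

```python
import re

# Pluto log lines quoted in the post above.
LOG = """\
Mar 15 09:48:38 fwint Pluto[7678]: "monteftp" #2: max number of retransmissions (2) reached STATE_MAIN_R2
Mar 15 09:48:39 fwint Pluto[7678]: "monteftp" #4: responding to Main Mode
Mar 15 09:48:41 fwint Pluto[7678]: "monteftp" #4: no suitable connection for peer '172.17.0.51'
"""

# Constructed SERVER_B ipsec.conf fragment (assumption: only right= is from the post).
CONF = """\
conn monteftp
    right=80.45.12.28
    auto=add
"""

NO_CONN = re.compile(
    r'"(?P<conn>[^"]+)" #\d+: no suitable connection for peer \'(?P<id>[^\']+)\'')

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # section header line
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) == 2
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:  # indented key=value
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def id_mismatches(log_text, conf_text):
    """List (conn, presented_id, expected_id) where the peer's IKE ID differs."""
    conns = parse_conns(conf_text)
    findings = []
    for m in NO_CONN.finditer(log_text):
        opts = conns.get(m["conn"], {})
        # With no rightid= set, the expected peer ID defaults to the right= address.
        expected = opts.get("rightid", opts.get("right"))
        if expected != m["id"]:
            findings.append((m["conn"], m["id"], expected))
    return findings

if __name__ == "__main__":
    for conn, presented, expected in id_mismatches(LOG, CONF):
        print(f"{conn}: peer presented ID {presented}, config expects {expected}")
```

On the constructed input this reports that the peer identified itself as 172.17.0.51 while the connection expects 80.45.12.28, which is the mismatch the post describes between the NATed source address and the ID sent in IKE.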