[Openswan Users]
no suitable conection for peer {Escaneado contra Virus y Spam}
fran
ursala at samtek.es
Tue Mar 22 11:01:21 CET 2005
hello everyone:
in my net, my VPN (server SERVER_A) is in internal network, so the interface ipsec0 is 172.17.0.51 (private ip),
in my ipsec.conf my Gateway is 172.17.0.51 (left=172.17.0.51), but when tis IP arrives to my Firewall,
is nated to a public IP to go out to internet ( for example to a 80.45.12.28).
the other part of VPN ( SERVER_B) must have in its ipsec.conf : right=80.45.12.28 because it see arrives the packets
from the public IP (80.45.12.28), but when IKE negociation a mistake occur because the Gateway that the SERVER_A
communicate it is 172.17.0.51 and not 80.45.12.28:
Mar 15 09:48:38 fwint Pluto[7678]: "monteftp" #2: max number of retransmissions (2) reached STATE_MAIN_R2
Mar 15 09:48:39 fwint Pluto[7678]: "monteftp" #4: responding to Main Mode
Mar 15 09:48:41 fwint Pluto[7678]: "monteftp" #4: no suitable connection for peer '172.17.0.51'
this is the problem: SERVER_B in its ipsec.conf must have right=80.45.12.28 because is the IP that it see arrives and send
the packets, but in the IKE negociation SERVER_A say to SERVER_B that SERVER_A is 172.17.0.51 and not 80.45.12.28,
and cause the error: no suitable connection for peer '172.17.0.51'
SERVER_A--------------FIREWALL ----------internet-------------- SERVER_B
172.17.0.51(nated to:)80.45.12.28
i need a solucion.
thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20050322/6cea8b2e/attachment.htm
More information about the Users
mailing list