[Openswan Users] static nat on tunnel ipsec

fran ursala at samtek.es
Wed Mar 23 14:26:30 CET 2005



Hello:

Sorry for my English.

I have a Fedora Core 2 with freeswan 2.06, and I do static NAT in a VPN tunnel.

With this type of configuration (doing static NAT) I have another two VPN tunnels that work correctly:
one tunnel against a Cisco VPN and the other against a Nortel VPN, and both have been working for 6 months. For them
(Cisco VPN or Nortel VPN) my GW is my public IP (80.82.108.47), and they know nothing about my real VPN GW (172.17.0.51);
they don't need it.


But when the tunnel is against a freeswan VPN server a problem appears, because it seems that GW B reads my ipsec.conf file and
reads left=172.17.0.51, but in its ipsec.conf 172.17.0.51 doesn't exist; only right=80.82.108.47 exists.


Summarizing: VPN B only sees the public IP (80.82.108.47), so in its ipsec.conf: right=80.82.108.47, but when IKE negotiation occurs
server A communicates 172.17.0.51 to it (instead of 80.82.108.47) and no IKE negotiation occurs:

Mar 15 09:48:38 fwint Pluto[7678]: "monteftp" #2: max number of retransmissions (2) reached STATE_MAIN_R2 
Mar 15 09:48:39 fwint Pluto[7678]: "monteftp" #4: responding to Main Mode 
Mar 15 09:48:41 fwint Pluto[7678]: "monteftp" #4: no suitable connection for peer '172.17.0.51' 



subnet:        192.168.32.0/24

gateway VPN:   172.17.0.51 (this is my tunnel VPN GW, but it is a private IP, so to travel through the internet it must be statically NATed to a public IP: 80.82.108.47)

FIREWALL:      does source static NAT to transform the private 172.17.0.51 into a public IP: 80.82.108.47





my subnet:                  192.168.32.0/24
                                  |
                                  |
my GW VPN (GW A):           172.17.0.51
       ||                         ||
static NATed to:            80.82.108.47
                                  ||
                               (tunnel)
                                  ||
the other GW VPN (GW B):    65.47.25.1
                                  |
                                  |
the other subnet:           172.16.4.0/24




If static NAT works with the Cisco and Nortel VPNs, why doesn't it work with another freeswan?
