[Openswan Users] Problem with networking traffic past the tunnel
paul at xelerance.com
Tue Nov 3 14:45:47 EST 2009
On Tue, 3 Nov 2009, Jay Smith wrote:
> Greetings fellow travellers. I have an interesting problem that I
> hope someone can help illuminate.
> We have a 'working' tunnel. The remote site (192.168.50.xx, Cisco
> ASA 3000 series) is able to ping the local gateway box (Suse
> Enterprise Linux 11, kernel 220.127.116.11-5-pae) at 172.38.xx.xxx, but
> nothing beyond the gateway on the local side;
Usually that means forwarding is disabled, or some accidental NAT is happening.
What does "ipsec verify" say?
There might also be issues if the ipsec gateway is not the default gateway,
and return packets never reach it due to a missing route back to the ipsec server.
More information about the Users