Date: Tue, 8 Jan 2002 19:31:48 -0500
From: "jack xiao" <jack_xiao99@hotmail.com>
To: <tech@openbsd.org>
Cc: <freebsd-security@FreeBSD.ORG>
Subject: isakmpd configuration
Message-ID: <OE69BB7Oqn1y7aG8jN20000bd5c@hotmail.com>
Hi,
I am going to set up two IPSec tunnels. One is 192.168.100.0/24 - 10.10.11.0/24, the other is 192.168.100.0/24 - 172.30.1.0/24. The diagram is like the following; 216.95.234.162 and 216.95.234.110 are the two VPN gateways.
                                                            |--------- 10.10.11.0/24
192.168.100.0/24-----216.95.234.162-------------------------216.95.234.110
                                                            |---------- 172.30.1.0/24
I set up isakmpd.conf as something like the following:
[Phase 1]
216.95.234.110= VPN-11

[Phase 2]
Connections= VPN-12,VPN-22

[VPN-11]
Phase= 1
Transport= udp
Local-address= 216.95.234.162
Address= 216.95.234.110
Configuration= Default-main-mode
Authentication= qqqqqqqq

[VPN-12]
Phase= 2
ISAKMP-peer= VPN-11
Configuration= Default-quick-mode
Local-ID= Net-local-01
Remote-ID= Net-remote-01

[Net-local-01]
ID-type= IPV4_ADDR_SUBNET
Network= 192.168.100.0
Netmask= 255.255.255.0

[Net-remote-01]
ID-type= IPV4_ADDR_SUBNET
Network= 10.10.11.0
Netmask= 255.255.255.0

[VPN-22]
Phase= 2
ISAKMP-peer= VPN-11
Configuration= Default-quick-mode
Local-ID= Net-local-02
Remote-ID= Net-remote-02

[Net-local-02]
ID-type= IPV4_ADDR_SUBNET
Network= 192.168.100.0
Netmask= 255.255.255.0

[Net-remote-02]
ID-type= IPV4_ADDR_SUBNET
Network= 172.30.1.0
Netmask= 255.255.255.0
Is it correct? It seems not to work fine. Any ideas will be appreciated.
Thanks a lot!
Jack
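
Added example, not part of the original message: a Python check that reads isakmpd.conf-style text and lists section names that are referenced but have no matching [section] in the text it is given. The parser, the REF_TAGS set and the function names are assumptions drawn from the tags visible in the post, and the sample is a constructed, abridged copy of one tunnel; since the poster describes the file as "something like" the fragment, a reported name may only mean that section was left out of the post.

```python
import re

# Assumption: tags whose values name other sections (taken from the fragment in the post).
REF_TAGS = {"ISAKMP-peer", "Configuration", "Local-ID", "Remote-ID", "Connections"}

def parse(text):
    """Parse isakmpd.conf-style text into {section: [(tag, value), ...]}."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif "=" in line and current is not None and not line.startswith("#"):
            tag, value = line.split("=", 1)
            current.append((tag.strip(), value.strip()))
    return sections

def undefined_refs(text):
    """Return sorted (section, tag, target) for references to missing sections."""
    sections, missing = parse(text), []
    for name, entries in sections.items():
        for tag, value in entries:
            # Every entry under [Phase 1] maps a peer address to a section name.
            if name != "Phase 1" and tag not in REF_TAGS:
                continue
            for target in (v.strip() for v in value.split(",")):
                if target and target not in sections:
                    missing.append((name, tag, target))
    return sorted(missing)

# Constructed sample: one tunnel from the posted fragment, abridged.
SAMPLE = """\
[Phase 1]
216.95.234.110= VPN-11
[Phase 2]
Connections= VPN-12
[VPN-11]
Configuration= Default-main-mode
[VPN-12]
ISAKMP-peer= VPN-11
Configuration= Default-quick-mode
Local-ID= Net-local-01
Remote-ID= Net-remote-01
[Net-local-01]
[Net-remote-01]
"""
if __name__ == "__main__":
    for section, tag, target in undefined_refs(SAMPLE):
        print(f"[{section}] {tag}= {target}: no [{target}] section in this text")
```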
