ipsec tunnel mode help...
Hi;
I have a vpn setup of
# 192.168.82.0/24 - west [.1] - 10.0.0.0/24 - [.2] east - 192.168.100.0/24
I run `isakmpd -d &` and then I ping from 192.168.92.0/10.0.0.1 box to the
192.168.100.0/10.0.0.2 box. In east box, I run `netstat -ni ifvme0 host
10.0.0.1` and what I can see is only the normal icmp echo reply messages
being exchanged between the 2 boxes.
west box:
WG8168# netstat -rn -f encap
Routing tables
Encap:
Source Port Destination Port Proto SA(Address/Proto/Type/Direction)
192.168.100/24 0 192.168.82/24 0 0 10.0.0.2/50/use/in
192.168.82/24 0 192.168.100/24 0 0 10.0.0.2/50/require/out
WG8168#
east box:
WG8168# netstat -rn -f encap
Routing tables
Encap:
Source Port Destination Port Proto SA(Address/Proto/Type/Direction)
192.168.82/24 0 192.168.100/24 0 0 10.0.0.1/50/use/in
192.168.100/24 0 192.168.82/24 0 0 10.0.0.1/50/require/out
WG8168#
In west box, /kern/ipsec reads:
WG8168# cat /kern/ipsec
Hashmask: 31, policy entries: 2
SPI = 697be132, Destination = 10.0.0.1, Sproto = 50
Established 702 seconds ago
Source = 10.0.0.2
Flags (00001082) = <tunneling>
Crypto ID: 4
xform = <IPsec ESP>
Encryption = <3DES>
Authentication = <HMAC-SHA1>
0 bytes processed by this SA
Expirations:
Hard expiration(1) in 498 seconds
Soft expiration(1) in 378 seconds
SPI = 85bce20d, Destination = 10.0.0.1, Sproto = 50
Established 706 seconds ago
Source = 10.0.0.2
Flags (00001082) = <tunneling>
Crypto ID: 2
xform = <IPsec ESP>
Encryption = <3DES>
Authentication = <HMAC-SHA1>
0 bytes processed by this SA
Expirations:
Hard expiration(1) in 494 seconds
Soft expiration(1) in 374 seconds
SPI = f1b95213, Destination = 10.0.0.2, Sproto = 50
Established 706 seconds ago
Source = 10.0.0.1
Flags (00001082) = <tunneling>
Crypto ID: 1
xform = <IPsec ESP>
Encryption = <3DES>
Authentication = <HMAC-SHA1>
0 bytes processed by this SA
Expirations:
Hard expiration(1) in 494 seconds
Soft expiration(1) in 374 seconds
SPI = 7270ec39, Destination = 10.0.0.2, Sproto = 50
Established 702 seconds ago
Source = 10.0.0.1
Flags (00001082) = <tunneling>
Crypto ID: 3
xform = <IPsec ESP>
Encryption = <3DES>
Authentication = <HMAC-SHA1>
0 bytes processed by this SA
Expirations:
Hard expiration(1) in 498 seconds
Soft expiration(1) in 378 seconds
WG8168#
In east box, /kern/ipsec reads:
WG8168# cat /kern/ipsec
Hashmask: 31, policy entries: 2
SPI = 697be132, Destination = 10.0.0.1, Sproto = 50
Established 837 seconds ago
Source = 10.0.0.2
Flags (00001082) = <tunneling>
Crypto ID: 3
xform = <IPsec ESP>
Encryption = <3DES>
Authentication = <HMAC-SHA1>
0 bytes processed by this SA
Expirations:
Hard expiration(1) in 363 seconds
Soft expiration(1) in 243 seconds
SPI = 7270ec39, Destination = 10.0.0.2, Sproto = 50
Established 837 seconds ago
Source = 10.0.0.1
Flags (00001082) = <tunneling>
Crypto ID: 4
xform = <IPsec ESP>
Encryption = <3DES>
Authentication = <HMAC-SHA1>
0 bytes processed by this SA
Expirations:
Hard expiration(1) in 363 seconds
Soft expiration(1) in 243 seconds
SPI = 85bce20d, Destination = 10.0.0.1, Sproto = 50
Established 841 seconds ago
Source = 10.0.0.2
Flags (00001082) = <tunneling>
Crypto ID: 1
xform = <IPsec ESP>
Encryption = <3DES>
Authentication = <HMAC-SHA1>
0 bytes processed by this SA
Expirations:
Hard expiration(1) in 359 seconds
Soft expiration(1) in 239 seconds
SPI = f1b95213, Destination = 10.0.0.2, Sproto = 50
Established 841 seconds ago
Source = 10.0.0.1
Flags (00001082) = <tunneling>
Crypto ID: 2
xform = <IPsec ESP>
Encryption = <3DES>
Authentication = <HMAC-SHA1>
0 bytes processed by this SA
Expirations:
Hard expiration(1) in 359 seconds
Soft expiration(1) in 239 seconds
WG8168#
Since I don't see the esp/spi packets going in and out with tcpdump output,
my vpn setup is not working. Any idea what I am missing?
Regards,
TEH
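
Added example (not part of the original post): it parses the west box's flow lines from the `netstat -rn -f encap` output above and checks whether a packet's source and destination fall inside an outbound flow's selectors, since only matching traffic is handed to the ESP SAs. The function names and the two test address pairs are constructed for illustration.

```python
import ipaddress

# West box's `netstat -rn -f encap` flow lines as posted, wrapped lines rejoined.
WEST_ENCAP = """\
192.168.100/24 0 192.168.82/24 0 0 10.0.0.2/50/use/in
192.168.82/24 0 192.168.100/24 0 0 10.0.0.2/50/require/out
"""

def parse_net(text):
    """Expand netstat's abbreviated form (192.168.82/24) to a full network."""
    addr, _, bits = text.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + (bits or "32"))

def parse_flows(table):
    """Return one dict per flow line: selectors plus the SA it points at."""
    flows = []
    for line in table.splitlines():
        f = line.split()
        if len(f) != 6 or f[5].count("/") != 3:
            continue  # header line or wrapped fragment
        peer, sproto, kind, direction = f[5].split("/")
        flows.append({"src": parse_net(f[0]), "dst": parse_net(f[2]),
                      "peer": peer, "sproto": int(sproto),
                      "type": kind, "dir": direction})
    return flows

def outbound_flow(flows, src, dst):
    """Return the outbound flow whose selectors cover src -> dst, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for fl in flows:
        if fl["dir"] == "out" and s in fl["src"] and d in fl["dst"]:
            return fl
    return None

if __name__ == "__main__":
    flows = parse_flows(WEST_ENCAP)
    # Constructed test packets: gateway to gateway, then LAN host to LAN host.
    for src, dst in [("10.0.0.1", "10.0.0.2"), ("192.168.82.10", "192.168.100.10")]:
        hit = outbound_flow(flows, src, dst)
        verdict = (f"matches {hit['type']}/out flow, ESP to {hit['peer']}"
                   if hit else "no matching flow, not handled by IPsec")
        print(f"{src} -> {dst}: {verdict}")
```
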