From: Aaron Segura (aaron robotnet.eu.org)
Date: Fri Feb 23 2001 - 06:47:07 CST
I am setting up isakmpd, and have successfully established a connection,
however, I do not receive replies to any traffic I send from either side
of the network...I see the ICMP req's going across (encapsulated, of
course), but I never get a reply. 'tcpdump -i enc0' and 'tcpdump -i
<EXT-ETH>' on each side shows the packet leaving the sender, and
reaching the recipient on the external network device, but never coming
out of enc0. My firewall rules regarding enc0 are "pass in/out quick on
enc0" for testing purposes. Same with the actual network devices on
each end, with a special rule to pass in/out esp traffic explicitly.
I have two hosts: East and West. The encap routes on east:
Encap:
Source           Port  Destination      Port  Proto  SA(Address/Proto/Type/Direction)
WEST-INT-NET/8   0     EAST-INT-NET/24  0     0      WEST-EXT-IP/50/require/in
WEST-EXT-IP/32   0     EAST-INT-NET/24  0     0      WEST-EXT-IP/50/require/in
WEST-EXT-IP/32   0     EAST-EXT-IP/32   0     0      WEST-EXT-IP/50/require/in
EAST-INT-NET/24  0     WEST-INT-NET/8   0     0      WEST-EXT-IP/50/require/out
with exactly the opposite on "west". Sorry I can't give out actual IPs
due to the west admin's request.
My thoughts are that my problem has to do with routing/flows...but then
again, I haven't been able to get this to work for a week, so what do I
know?
OpenBSD 2.8 on each end...please please please help if you can. If I've
left out any important information, let me know.
Thanks,
Aaron Segura