Ipsecadm Subnet-Subnet Can't connect
user name
2006-07-29 04:22:19
Hi,

I have a problem with my ipsecadm setup. When I ping from 172.16.22.2 to 10.150.17.2 I get no reply from 10.150.17.2, but I can see the reply when I tcpdump on the WAN interfaces at 1.1.1.1 and 2.2.2.2; up to the 2.2.2.2 interface the reply is there but without the "encap". It means that when the packet from 10.150.17.2 goes back to 10.17.22.2, 10.150.17.2 didn't enter the tunnel, so there is no "encap". My settings are as below. Can anyone point out the error?


Server 

ipsecadm ipcomp \
-comp lzs \
-cpi 0x0704 \
-src 1.1.1.1 -dst 2.2.2.2

ipsecadm ipcomp \
-comp lzs \
-cpi 0x0407 \
-src 2.2.2.2 -dst 1.1.1.1


ipsecadm flow -in -require -proto ipcomp \
-src 1.1.1.1 -dst 2.2.2.2 \
-addr 172.16.22.0/24 10.150.17.0/24

ipsecadm flow -out -require -proto ipcomp \
-src 1.1.1.1 -dst 2.2.2.2 \
-addr 10.150.17.0/24 172.16.22.0/24

I added "route add -net 172.16.22.0/24 2.2.2.2"


Client 

ipsecadm ipcomp \
-comp lzs \
-cpi 0x0407 \
-src 1.1.1.1 -dst 2.2.2.2

ipsecadm ipcomp \
-comp lzs \
-cpi 0x0704 \
-src 2.2.2.2 -dst 1.1.1.1

ipsecadm flow -in -require -proto ipcomp \
-src 2.2.2.2 -dst 1.1.1.1 \
-addr 10.150.17.0/24 172.16.22.0/24

ipsecadm flow -out -require -proto ipcomp \
-src 2.2.2.2 -dst 1.1.1.1 \
-addr 172.16.22.0/24 10.150.17.0/24

I added "route add -net 10.150.17.0/24 202.171.48.9"

* I tcpdump on both gateways and see the request without encap but the reply with encap.
* I can't ping from subnet to subnet: when I tcpdump on the subnet host there is no reply from the other end of the subnet. On the gateway there are request and reply messages with encap only on the WAN interface, while the LAN interface has just request and reply messages.

Any ideas?
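As an added example (not from the original post or from ipsecadm itself), a small Python lint that parses ipsecadm ipcomp/flow commands and reports SAs that no flow references and flows whose SA direction does not fit the gateway they run on. The direction rule (an -in flow names the SA whose -dst is this gateway, an -out flow the SA whose -src is) is my assumption about ipsecadm flow semantics, not something stated in the thread; the embedded config is the Server block above, checked with local gateway 1.1.1.1.

```python
import shlex

# Constructed sample: the "Server" side of the post, backslash continuations
# joined onto one line per command (addresses and CPIs exactly as posted).
SERVER_CONFIG = """
ipsecadm ipcomp -comp lzs -cpi 0x0704 -src 1.1.1.1 -dst 2.2.2.2
ipsecadm ipcomp -comp lzs -cpi 0x0407 -src 2.2.2.2 -dst 1.1.1.1
ipsecadm flow -in -require -proto ipcomp -src 1.1.1.1 -dst 2.2.2.2 -addr 172.16.22.0/24 10.150.17.0/24
ipsecadm flow -out -require -proto ipcomp -src 1.1.1.1 -dst 2.2.2.2 -addr 10.150.17.0/24 172.16.22.0/24
"""

def parse(text):
    """Return (sas, flows), one option dict per ipsecadm command; -addr keeps both networks."""
    sas, flows = [], []
    for line in text.replace("\\\n", " ").strip().splitlines():
        argv = shlex.split(line)
        if len(argv) < 2 or argv[0] != "ipsecadm":
            continue
        sub, opts, i = argv[1], {}, 2
        while i < len(argv):
            key = argv[i].lstrip("-")
            if key == "addr":                      # -addr src_net dst_net
                opts["addr"], i = (argv[i + 1], argv[i + 2]), i + 3
            elif key in ("in", "out", "require"):  # bare switches
                opts[key], i = True, i + 1
            else:                                  # -opt value
                opts[key], i = argv[i + 1], i + 2
        (flows if sub == "flow" else sas).append(opts)
    return sas, flows

def lint(text, local_gw):
    """Structural checks on one gateway's config; returns a list of findings (empty if clean)."""
    sas, flows = parse(text)
    sa_keys = {(s["src"], s["dst"]) for s in sas}
    used, findings = set(), []
    for f in flows:
        direction = "in" if f.get("in") else "out"
        key = (f["src"], f["dst"])
        used.add(key)
        if key not in sa_keys:
            findings.append(f"{direction} flow references undefined SA {key[0]}->{key[1]}")
        # Assumed rule (not from the post): an -in flow names the SA whose -dst is this gateway, an -out flow the SA whose -src is.
        endpoint = f["dst"] if direction == "in" else f["src"]
        if endpoint != local_gw:
            findings.append(f"{direction} flow uses SA {key[0]}->{key[1]}, which does not "
                            f"{'end' if direction == 'in' else 'start'} at local gateway {local_gw}")
    for key in sorted(sa_keys - used):
        findings.append(f"SA {key[0]}->{key[1]} is defined but no flow references it")
    return findings
```

Calling lint(SERVER_CONFIG, "1.1.1.1") flags the -in flow and the unreferenced 2.2.2.2->1.1.1.1 SA; the same check with the Client block and local gateway 2.2.2.2 shows whether both ends agree.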
