From which machine do I have to do "ping -I A.B.C.D E.F.G.H"
pf has default config and allows everything
forwarding is enabled
Christoph Leser wrote:
you could try
ping -I A.B.C.D E.F.G.H
if this does not work, it might be the packet filter ( pf )
check this with tcpdump -lnevv -i pflog0
regards
christoph
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On behalf of Shohrukh Shoyoqubov
Sent: Wednesday, 21 November 2007 18:08
To: misc@openbsd.org
Subject: Site-to-site IPSec VPN between OpenBSD and Cisco PIX 515E
Hello! I am having trouble setting up a site-to-site IPSec VPN tunnel
between OpenBSD and Cisco PIX 515E. I have the following configuration:
[ A.B.C.B ] <-> [ OpenBSD 4.1 (M.N.O.P) ] <-- Internet --> [ (I.J.K.L) Cisco PIX 515E ] <-> [ E.F.G.H ]
# cat /etc/ipsec.conf
ike esp from A.B.C.D to E.F.G.H peer I.J.K.L main auth hmac-sha1 enc 3des group modp1024 quick auth hmac-sha1 enc 3des group none psk *secret*
# ipsecctl -s all
FLOWS:
flow esp in from E.F.G.H to A.B.C.B peer I.J.K.L srcid M.N.O.P/32 dstid I.J.K.L/32 type use
flow esp out from A.B.C.B to E.F.G.H peer I.J.K.L srcid M.N.O.P/32 dstid I.J.K.L/32 type require
SAD:
esp tunnel from M.N.O.P to I.J.K.L spi 0x73b8da7c auth hmac-sha1 enc 3des-cbc
esp tunnel from I.J.K.L to M.N.O.P spi 0xbd5af3e7 auth hmac-sha1 enc 3des-cbc
#
With this configuration I cannot ping E.F.G.H from A.B.C.B
and vice versa.
Both of these hosts have routes to each other through the corresponding
gateways (OpenBSD and Cisco). What am I missing?
Thanks,
Shohrukh
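As an added check that is not part of the thread: a small shell function that compares the flows `ipsecctl -s all` prints with the `from`/`to`/`peer` endpoints of the ipsec.conf rule, so a flow that was installed for a different inner address than intended shows up before any tcpdump work. The sample flow lines are the ones quoted above, re-joined onto one line each; the conf placeholders are the ones from the ipsec.conf rule, taken literally.

```shell
#!/bin/sh
# Constructed sample: the FLOWS section of `ipsecctl -s all` from the thread,
# one flow per line as ipsecctl prints it.
SAMPLE_FLOWS='flow esp in from E.F.G.H to A.B.C.B peer I.J.K.L srcid M.N.O.P/32 dstid I.J.K.L/32 type use
flow esp out from A.B.C.B to E.F.G.H peer I.J.K.L srcid M.N.O.P/32 dstid I.J.K.L/32 type require'

# Endpoints of the ipsec.conf rule (placeholders as written in the thread).
CONF_FROM=A.B.C.D
CONF_TO=E.F.G.H
CONF_PEER=I.J.K.L

# check_flows FLOWS LOCAL REMOTE PEER
# Parses "flow esp in|out from X to Y peer Z ..." lines and verifies that the
# out flow is LOCAL->REMOTE and the in flow is REMOTE->LOCAL, both via PEER.
# Prints one line per mismatch; returns 0 when both flows match, 1 otherwise.
check_flows() {
    flows=$1; lnet=$2; rnet=$3; peer=$4
    printf '%s\n' "$flows" | awk -v L="$lnet" -v R="$rnet" -v P="$peer" '
    BEGIN { bad = 0; have_out = 0; have_in = 0 }
    $1 == "flow" && $2 == "esp" {
        dir = $3; from = $5; to = $7; pr = $9
        if (dir == "out") {
            have_out = 1
            if (from != L || to != R || pr != P) {
                bad = 1
                print "out flow " from "->" to " peer " pr " does not match conf " L "->" R " peer " P
            }
        } else if (dir == "in") {
            have_in = 1
            if (from != R || to != L || pr != P) {
                bad = 1
                print "in flow " from "->" to " peer " pr " does not match conf " R "->" L " peer " P
            }
        }
    }
    END {
        if (!have_out) { bad = 1; print "no out flow installed" }
        if (!have_in)  { bad = 1; print "no in flow installed" }
        exit bad
    }'
}

# On a real gateway the first argument would be "$(ipsecctl -s flow)".
check_flows "$SAMPLE_FLOWS" "$CONF_FROM" "$CONF_TO" "$CONF_PEER" \
    || echo "flows do not describe the tunnel ipsec.conf asks for"
```

Running it against the thread's own output reports both flows, because the installed flows carry A.B.C.B while the rule says A.B.C.D; a real ipsec.conf whose `from` address differs from the host that is supposed to be reachable through the tunnel surfaces the same way.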