Markus Wernig wrote:
It's because of:
ike passive esp from 192.168.0.0/24 to any local egress dstid [EMAIL PROTECTED] psk xxx
Yes, it's because of that. But I'm convinced that you don't need that at
all.
From what I understand, you just need to give access from some remote
network(s) to your office net. Please correct me if you are trying to
achieve something else.
No, I'm trying to connect HOME_GATEWAY to office network. I don't want
to connect home network to office network.
Again (see last post):
Home gateway:
ike dynamic esp from HOME_NET to 192.168.0.0/24 peer OFFICE_EXTERNAL_IP psk xxx
Office gateway:
ike passive esp from HOME_NET to 192.168.0.0/24 psk xxx
(if you have more than one external network, you can put "any" instead
of "HOME_NET" or repeat the stanza for each network.)
Are you sure that the rule for office gateway is correct? I think you
mean "from 192.168.0.0/24 to HOME_NET". And if I put "any" instead of
network addresses I will get that same issue: all outgoing traffic will
flow through my home gateway.
--
Alexey Vatchenko
http://www.bsdua.org
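
The selector concern raised in this thread, as an added example that is not part of the original message: a simplified Python model of how an outbound packet on the office gateway is matched against a flow's source and destination selectors. The addresses standing in for HOME_NET and HOME_GATEWAY and the sample packets are constructed, and the model covers only selector matching, not isakmpd or the kernel flow table.

```python
import ipaddress

# 192.168.0.0/24 is the office net from the thread; the other addresses are
# constructed stand-ins (assumptions) for the HOME_NET / HOME_GATEWAY placeholders.
OFFICE_NET = ipaddress.ip_network("192.168.0.0/24")
HOME_NET = ipaddress.ip_network("10.10.0.0/24")
HOME_GATEWAY = ipaddress.ip_network("203.0.113.7/32")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Candidate office-side flows, written as (local selector, remote selector).
FLOWS = {
    "to any": (OFFICE_NET, ANY),
    "to HOME_NET": (OFFICE_NET, HOME_NET),
    "to HOME_GATEWAY": (OFFICE_NET, HOME_GATEWAY),
}

# Constructed outbound packets as seen on the office gateway: (src, dst).
PACKETS = [
    ("192.168.0.20", "10.10.0.5"),      # office host -> host on the home LAN
    ("192.168.0.20", "203.0.113.7"),    # office host -> home gateway itself
    ("192.168.0.20", "198.51.100.80"),  # office host -> unrelated Internet server
]


def tunnelled(flow, src, dst):
    """True if an outbound packet src -> dst matches both selectors of the flow."""
    local, remote = flow
    return (ipaddress.ip_address(src) in local
            and ipaddress.ip_address(dst) in remote)


def captured(flow_name, packets=PACKETS):
    """Return the packets that the named flow would send into the tunnel."""
    flow = FLOWS[flow_name]
    return [(s, d) for s, d in packets if tunnelled(flow, s, d)]


if __name__ == "__main__":
    for name in FLOWS:
        print(f"{name:16} -> {captured(name)}")
```

A remote selector of "any" matches every destination, including ordinary Internet traffic, while a network or single-host selector only pulls in packets addressed to that range.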