#1  
August 15th, 2009, 11:36 PM
markmg
VPN to HP ilo for remote admin

I am trying to remotely connect to an HP iLO interface

located at inside IP 192.168.1.50

I am using the Shrew Soft VPN client because of the 64-bit issue

DSL modem is in bridge mode connected to the FVX538

FVX538 IP = 192.168.1.100

I followed this manual

http://www.shrew.net/support/wiki/HowtoNetgear


changed the parameters to
Record Name = vpnclient-cfg
First Pool = 192.168.1.10 192.168.1.20
WINS Server = 192.168.1.100
DNS Server = 192.168.1.100
Traffic Tunnel Security Level
PFS Key Group = Unchecked
SA Lifetime = 3600 Seconds
Encryption Algorithm = 3DES
Integrity Algorithm = SHA-1
Local IP Address = 192.168.1.0
Local Subnet Netmask = 255.255.255.0

It makes a connection,

config loaded for site '**.***.***.**'
configuring client settings ...
attached to key daemon ...
peer configured
iskamp proposal configured
esp proposal configured
client configured
local id configured
pre-shared key configured
bringing up tunnel ...
network device configured
tunnel enabled


but I can't connect to the HP iLO interface at 192.168.1.50.

Could someone please explain to me why it isn't working and how I can get it to work?

#2
August 16th, 2009, 07:14 AM
jmizoguchi

you can not use same IP on remote

pooling the IP must be different

if FVS is 192.168.1.x ( I suggest to change to this to more unique as just about every remote router will end up using common 192.168.0.x, 192.168.1.x, 10.0.0.x etc, AVOID)

you should push ex. 192.168.5.x for pooling and you MUST be in any remote behind same as 192.168.1.x. that is why it is important to have your FVS to have correct LAN subnet

#3
August 16th, 2009, 07:15 AM
jmizoguchi

see my site how it should be done and shrew setups on my site

#4
August 16th, 2009, 07:16 AM
adit

WAN IP on 538 has to be public, not private.

There are 3 unique subnets in a VPN. The Local LAN, the Remote LAN, and the VPN subnet.

#5
August 16th, 2009, 08:06 AM
markmg

Thanks for the help, but I am not understanding it.

I have looked at the VPN study site, and it's not getting me any further

I made some adjustments but that's not working

Could you please tell me on what picture I have to change to get it working?

this is my local setup

[Screenshots: client vpn ip, Mode Config, IKE Policy, LAN FVX]

#6
August 16th, 2009, 08:14 AM
jmizoguchi

looks right... to me....

shrew client on my case studies will work.

I would bypass using XAuth first, although it is a nice feature to be more secure

also why would you copy ALL... client.domain.com, this will not work. domain.com is a valid domain that works.

use client.fvx_local.com (all the instructions are concepts and not to copy all, although all my case studies are actual working studies so it will work)

Last edited by jmizoguchi; August 16th, 2009 at 08:17 AM.

#7
August 16th, 2009, 08:31 AM
adit

FQDN needs to be non-routable (client.domain.com; use fvx_remote.com), unless it is a DynDNS name.

Mode Config Record - Local IP Address needs to be 192.168.10.0 not .1.

Read my SA Lifetime Guidelines.

If you are using XAUTH make sure you have a Username and Password set up, and the Shrew Client is set up for Extended Authentication.

#8
August 16th, 2009, 10:03 AM
markmg

changed the FQDN and the SA lifetime to 14440
Also changed the Mode config record LAN ip to 192.168.1.0

I have been reading lots of cases (thanks for the login to read the articles), I started yesterday at 13:00 and still can't get it to work

It connects but I can't go to 192.168.10.50 (iLO)

arp -a
Interface: 192.168.1.2 --- 0xd
Internet Address Type
192.168.1.1 dynamic
192.168.1.108 dynamic
192.168.1.255 static
224.0.0.2 static
224.0.0.22 static
224.0.0.252 static
239.255.255.250 static
255.255.255.255 static

Interface: 192.168.5.3 --- 0x13
Internet Address Type
224.0.0.2 static
224.0.0.22 static
224.0.0.252 static

Pinging 192.168.10.1 with 32 bytes of data:
Request timed out.

Ping statistics for 192.168.10.1:
Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),

C:\>ping 192.168.10.50

Pinging 192.168.10.50 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

ipconfig

Ethernet adapter Local Area Connection*1:

Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::cb0:89a3:bd02:41ca%19
IPv4 Address. . . . . . . . . . . : 192.168.5.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :

Ethernet adapter LAN:

Connection-specific DNS Suffix . : router.linksys
IPv4 Address. . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1

Tunnel adapter isatap.router.lcs:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : router.linksys

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:d5c7:a2d6:34c0:256b:ab0a:df4b
Link-local IPv6 Address . . . . . : fe80::34c0:256b:ab0a:df4b%14
Default Gateway . . . . . . . . . : ::

Tunnel adapter isatap.{00328B01-1CCD-4BE9-820F-2E111BE65E7E}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

vpn trace


Local firewall/spyware/virusscanner are disabled

#9
August 16th, 2009, 10:17 AM
jmizoguchi

Quote:
Also changed the Mode config record LAN ip to 192.168.1.0
you can NOT make pool same as REMOTE LAN subnet (192.168.1.x)

leave where it was 192.168.5.x

192.168.10.x FVX
192.168.5.x for mode config IP pool

192.168.1.x for remote router subnet

this is perfectly fine.

#10
August 16th, 2009, 02:49 PM
adit

Quote:
Originally Posted by markmg
Also changed the Mode config record LAN ip to 192.168.1.0
Mode Config Record - Local IP Address needs to be 192.168.10.0 not 192.168.1.0
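
The addressing rules given in posts #4, #9 and #10 (three non-overlapping subnets, and a Mode Config local address equal to the FVX LAN), checked against the setups reported in the thread. This is an added example, not part of any post; the function names, the FVX LAN address 192.168.10.1 and the end addresses of the 192.168.5.x pool are assumptions.

```python
import ipaddress

def pool_blocks(first, last):
    """CIDR blocks that exactly cover a Mode Config pool range."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def check_plan(gateway_lan, pool, client_lan, modecfg_local):
    """Return the addressing problems in a client-to-gateway VPN plan.

    gateway_lan, client_lan, modecfg_local: "address/netmask" strings.
    pool: (first, last) addresses of the Mode Config pool.
    """
    gw = ipaddress.ip_network(gateway_lan, strict=False)
    cl = ipaddress.ip_network(client_lan, strict=False)
    local = ipaddress.ip_network(modecfg_local, strict=False)
    blocks = pool_blocks(*pool)
    problems = []
    if gw.overlaps(cl):
        problems.append("gateway LAN overlaps client LAN")
    if any(b.overlaps(gw) for b in blocks):
        problems.append("pool overlaps gateway LAN")
    if any(b.overlaps(cl) for b in blocks):
        problems.append("pool overlaps client LAN")
    if local != gw:
        problems.append("Mode Config local network is not the gateway LAN")
    return problems

# Plans reconstructed from the thread. The client LAN comes from the ipconfig
# output in post #8; pool bounds for 192.168.5.x are assumed, not from the page.
PLANS = {
    "post #1": dict(gateway_lan="192.168.1.100/255.255.255.0",
                    pool=("192.168.1.10", "192.168.1.20"),
                    client_lan="192.168.1.2/255.255.255.0",
                    modecfg_local="192.168.1.0/255.255.255.0"),
    "post #8": dict(gateway_lan="192.168.10.1/255.255.255.0",
                    pool=("192.168.5.1", "192.168.5.20"),
                    client_lan="192.168.1.2/255.255.255.0",
                    modecfg_local="192.168.1.0/255.255.255.0"),
    "posts #9/#10": dict(gateway_lan="192.168.10.1/255.255.255.0",
                         pool=("192.168.5.1", "192.168.5.20"),
                         client_lan="192.168.1.2/255.255.255.0",
                         modecfg_local="192.168.10.0/255.255.255.0"),
}

if __name__ == "__main__":
    for name, plan in PLANS.items():
        print(name, "->", check_plan(**plan) or "OK")
```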