FVG318 Remote Desktop issue

[jmizoguchi]

Quote:

Using IPsec SA configuration: 10.0.0.0/24<->0.0.0.0/0 from Ebbeÿÿÿ

0.0.0.0... does not look right

[Ebbe]

0.0.0.0... does not look right
No, but then the FVG generates a policy:

2010-03-18 : INFO: No policy found, generating the policy : 192.168.1.100/32[0] 10.0.0.0/24[0] proto=any dir=in

which seems right to me? The laptop (external) have 192.168 and the local computer have 10.0.

[adit]

Like I said in my previous post, post screenshots for review.

[Ebbe]

Hope the screenshots are working!


http://img163.imageshack.us/i/fvg2.jpg/
http://img225.imageshack.us/i/shrew1.jpg/
http://img684.imageshack.us/i/shrew2.jpg/
http://img265.imageshack.us/i/shrew3.jpg/
http://img718.imageshack.us/i/shrew4.jpg/
http://img405.imageshack.us/i/shrew5.jpg/
http://img37.imageshack.us/i/shrew6.jpg/
http://img179.imageshack.us/i/shrew7.jpg/
http://img697.imageshack.us/i/shrew8.jpg/
http://img121.imageshack.us/i/shrew9.jpg/

[jmizoguchi]

Quote:

Originally Posted by Ebbe

0.0.0.0... does not look right
No, but then the FVG generates a policy:

2010-03-18 : INFO: No policy found, generating the policy : 192.168.1.100/32[0] 10.0.0.0/24[0] proto=any dir=in

which seems right to me? The laptop (external) have 192.168 and the local computer have 10.0.

I can't look the screenshot since I'm on my phone but

0.0.0.0 entry is not right

I have 100%. Working order case studies

[jmizoguchi]

suggestion is to look at my case study

http://vpncasestudy.com/casestudy/FV...casestudy.html

[adit]

Ebbe and Via are not FQDN's. Use what is in the tutorial.

shrew1 - set the Local IP to 192.168.100.1

[Ebbe]

Ehmmm. I just found out why I couldn`t connect to my local network through the FVG. An IP-phone box acted as another NAT device in front of the FVG. This box has been disabled for a period of time, but has started to work after a power-reset. Sorry. I have disconnected this box and are now able to connect to my network from internet. (Using settings like screenshots) But still not able to connect to the FVS from my local net.

[Ebbe]

This is the log from the remote FVS:

[2010-03-18 23:53:09][==== IKE PHASE 1(from 90.149.XXX.XXX) START (responder)
[2010-03-18 23:53:09]**** RECEIVED FIRST MESSAGE OF AGGR MODE ****
[2010-03-18 23:53:09]<POLICY: > PAYLOADS: SA,PROP,TRANS,KE,NONCE,ID,VID,VID,VID,VID,VID,VID, VID,VID,VID,VID
[2010-03-18 23:53:09]<LocalRID> Type=ID_FQDN,ID DATA=Ebbe
[2010-03-18 23:53:09]<RemoteLID> Type=ID_FQDN,ID DATA=Ebbe
[2010-03-18 23:53:12]<POLICY: Ebbe> PAYLOADS: SA,PROP,TRANS,KE,NONCE,ID,HASH,VID,NATD,NATD,NATD
[2010-03-18 23:53:12]**** SENT OUT SECOND MESSAGE OF AGGR MODE ****
[2010-03-18 23:53:12]**** RECEIVED THIRD MESSAGE OF AGGR MODE ****
[2010-03-18 23:53:12]<POLICY: Ebbe> PAYLOADS: HASH,NATD,NATD
[2010-03-18 23:53:12]**** AGGR MODE COMPLETED ****
[2010-03-18 23:53:12][==== IKE PHASE 1 ESTABLISHED====]
[2010-03-18 23:53:12]**** RECEIVED INFORMATIONAL EXCHANGE MESSAGE ****

When I try to ping:

[2010-03-18 23:53:35][==== IKE PHASE 2(from 90.149.XXX.XXX) START (responder)
[2010-03-18 23:53:35]**** RECEIVED FIRST MESSAGE OF QUICK MODE ****
[2010-03-18 23:53:35]<POLICY: Ebbe> PAYLOADS: HASH,SA,PROP,TRANS,NONCE,ID,ID
[2010-03-18 23:53:35]**** FOUND IDs,EXTRACT ID INFO ****
[2010-03-18 23:53:35]<Initiator IPADDR=10.0.0.10>
[2010-03-18 23:53:35]<Responder IPADDR=192.168.1.0 MASK=255.255.255.0>
[2010-03-18 23:53:35]**** SENT OUT SECOND MESSAGE OF QUICK MODE ****
[2010-03-18 23:53:35]**** RECEIVED THIRD MESSAGE OF QUICK MODE ****
[2010-03-18 23:53:35]<POLICY: Ebbe> PAYLOADS: HASH
[2010-03-18 23:53:35]**** QUICK MODE COMPLETED ****
[2010-03-18 23:53:35][==== IKE PHASE 2 ESTABLISHED====]

So it seems that the tunnel is up, but my FVG will not permit ping or RDP

[GuyAdams]

Are there any software firewalls on the client/s you are trying to ping or RDP, if so you will need to adjust them to accept traffic from your other subnet.

Thanks