oren
Newbie

Posts: 8
« on: October 28, 2009, 05:12:29 AM »

Hi, I hope you can help me, guys. For the last few days I'm trying to set up a site-to-site VPN. At one site everything is set up (not by me), got tested and works perfectly. I have all the settings of that site and I want to configure the same settings at my site in order for this VPN to work.

The settings are like this (I changed the numbers a bit, of course):

Site A (unconfigured site): trust 192.168.10.0/24 (eth 0/2), untrust 80.170.80.2 (eth 0/0)
Site B (configured): internal 192.168.1.0/24, firewall external 60.60.60.2

The settings I need to set are:

PHASE 1
  Peer: 60.60.60.2
  Pre-shared key: mypassword
  Encryption: 3DES
  Hash: MD5
  DH: 2
  Lifetime: 86400

PHASE 2
  Encryption: 3DES
  Hash: MD5
  PFS: disable
  Lifetime: 28800
  Local LAN: 192.168.10.0/24
  Remote LAN: 192.168.1.0/24

I tried doing the following:

1. Network > Interfaces > Edit:
   Trust Static IP, Address/Netmask: 192.168.10.0/24 (nat) eth 0/2
   Untrust Static IP, Address/Netmask: 80.170.80.2/24 (route) eth 0/0

2. VPNs > Auto Key Advanced > Gateway > New
   Gateway Name: CGW
   Remote Gateway Type Static IP Address/Hostname: 60.60.60.2
   Preshared Key: mypassword
   ikev1 (maybe I need 2?!)
   Outgoing Interface: ethernet0/0
   pre-g2-3des-md5
   Mode (Initiator): Main (ID Protection)

3. VPNs > Auto Key IKE > New
   VPN Name: CVPN
   Remote Gateway Predefined: CGW
   Security Level Predefined: nopfs-3des-md5
   Bind to: None
   Then click OK.

4. Policy > Policies >
   Source: 192.168.10.0/24
   Destination: 192.168.1.0/24
   Service: ANY
   Action: Tunnel
   Tunnel: CVPN
   Checked "Modify matching bidirectional VPN policy"

I checked with get sa and I saw it is inactive.

I don't know how to check where exactly the problem is, because I'm not familiar with this firewall. I guess there is a way to check if it fails in phase 1 or phase 2.

Can you please fix my configuration and tell me how to check in a more detailed way where my problem is?

Thanks a lot,
Oren