[Vpn-help] Want to route 0.0.0.0 through the tunnel

Zöller, Benjamin Benjamin.Zoeller at salt-solutions.de
Wed Jun 25 02:11:47 CDT 2008


Hi Matthew,
thank you for the fast answer.
I didn't see the text "...or Tunnel all".
Of course all works fine now :)

Only one thing appears at every connect on my netscreen.

IKE<217.228.2.96>: XAuth login was passed for gateway <RAS_XYZ>, username <xyz>, retry: 0.
Rejected an IKE packet on ethernet4 from 217.228.2.96:500 to 123.123.123.123:500 with cookies 2ba7ef7c14840118 and 71825caba292fb84 because a Phase 2 packet arrived while XAuth was still pending.
IKE<217.228.2.96> Phase 1: Completed Aggressive mode negotiations with a <28800>-second lifetime

We do a radius authentication on an external host.
I think there must be a little delay before going forward to phase2.

Benjamin

mgrooms wrote:
> On Tue, 24 Jun 2008 23:26:34 +0200, Zöller, Benjamin
> <Benjamin.Zoeller at salt-solutions.de> wrote: 
>> Hi,
>> we are searching for a client which works with linux and windows.
>> The Screw Client looks very good.
>> I can connect to my Netscreen 50 but I have a problem.
>> I can't route 0.0.0.0/0 through the tunnel.
>> 
>> I have done a second try with a hostaddress that was no problem.
>> But I need 0.0.0.0/0 cause at the Netscreen the policy is Dial-up ->
>> any 
>> 
>> What must I do to get this working?
>> 
> 
> Benjamin,
> 
> I have tested the client with a configuration that tunnels all
> traffic to a Netscreen gateway. It should work fine. You would just
> configure the policy on the Netscreen with a 0.0.0.0/0 network ID and
> select "Tunnel All" in the policy tab of the client site
> configuration. Does this not work for you? If not, does it fail to
> negotiate the IPsec SA ( phase2 ) or does it negotiate fine but fail
> to send ESP traffic properly?     
> 
> Thanks,
> 
> -Matthew
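
Added example, not part of the original messages and not code from the client or the gateway: a small Python parser for the three Netscreen event lines quoted in the message above. Per peer, it counts the rejects logged "because a Phase 2 packet arrived while XAuth was still pending" and checks whether that peer also passed XAuth; the function names and the labels "timing-race" and "review" are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Log lines copied from the message above (the page gives no timestamps).
SAMPLE_LOG = """\
IKE<217.228.2.96>: XAuth login was passed for gateway <RAS_XYZ>, username <xyz>, retry: 0.
Rejected an IKE packet on ethernet4 from 217.228.2.96:500 to 123.123.123.123:500 with cookies 2ba7ef7c14840118 and 71825caba292fb84 because a Phase 2 packet arrived while XAuth was still pending.
IKE<217.228.2.96> Phase 1: Completed Aggressive mode negotiations with a <28800>-second lifetime
"""

XAUTH_OK = re.compile(r"^IKE<(?P<peer>[\d.]+)>: XAuth login was passed for gateway "
                      r"<(?P<gw>[^>]*)>, username <(?P<user>[^>]*)>, retry: (?P<retry>\d+)")
EARLY_P2 = re.compile(r"^Rejected an IKE packet on (?P<iface>\S+) from (?P<peer>[\d.]+):\d+ "
                      r"to [\d.]+:\d+ with cookies (?P<ci>[0-9a-f]{16}) and (?P<cr>[0-9a-f]{16}) "
                      r"because a Phase 2 packet arrived while XAuth was still pending")
P1_DONE = re.compile(r"^IKE<(?P<peer>[\d.]+)> Phase 1: Completed (?P<mode>\w+) mode")


def summarize(log_text):
    """Count the three event types per peer IP."""
    peers = defaultdict(lambda: {"phase1": 0, "xauth_passed": 0,
                                 "early_phase2": 0, "users": set()})
    for line in log_text.splitlines():
        line = line.strip()
        if m := XAUTH_OK.match(line):
            peers[m["peer"]]["xauth_passed"] += 1
            peers[m["peer"]]["users"].add(m["user"])
        elif m := EARLY_P2.match(line):
            peers[m["peer"]]["early_phase2"] += 1
        elif m := P1_DONE.match(line):
            peers[m["peer"]]["phase1"] += 1
    return dict(peers)


def classify(stats):
    """Rejects alongside a passed XAuth match the pattern reported in the message;
    rejects from a peer that never passed XAuth are flagged for a closer look."""
    if stats["early_phase2"] == 0:
        return "clean"
    return "timing-race" if stats["xauth_passed"] else "review"


if __name__ == "__main__":
    for peer, stats in summarize(SAMPLE_LOG).items():
        print(peer, classify(stats), stats)
```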
