[vpn-help] Am I looking any better?
Matthew Grooms
mgrooms at shrew.net
Wed Jun 30 11:48:59 CDT 2010
On 6/30/2010 12:03 AM, Jerrard Holland wrote:
> vpn client 2.1.5
> windows 7
> netgear fvs 338
>
Hi Jerrard,
It looks like your address pool is now set up to use the 192.168.20.0/24
range. However, your policy is configured to communicate with the same
network. You can't have the client try to access a remote network when
it uses an address from that network ...
10/06/29 21:38:02 ii : creating IPSEC INBOUND policy ANY:192.168.20.0/24:* -> ANY:192.168.20.2:*
10/06/29 21:38:02 ii : creating IPSEC OUTBOUND policy ANY:192.168.20.2:* -> ANY:192.168.20.0/24:*
For example, if your remote network is 192.168.10.0/24, you should use a
client address pool of anything but that network. Let's say you select
the 192.168.20.0/24 network for your address pool. You would set up your
gateway pool to use 192.168.20.1 -> 192.168.20.254. Then you would set up
gateway policies to allow traffic from dial-up to the 192.168.10.0/24
network ( please see the SSG howto for more details ). Lastly, you need
to add 192.168.10.0/24 as an include network under the policy tab of the
client site configuration. This will cause the client to generate
policies that look like this ...
10/06/29 21:38:02 ii : creating IPSEC INBOUND policy ANY:192.168.10.0/24:* -> ANY:192.168.20.X:*
10/06/29 21:38:02 ii : creating IPSEC OUTBOUND policy ANY:192.168.20.X:* -> ANY:192.168.10.0/24:*
Hope this helps,
-Matthew
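
The overlap described in the message above can be checked mechanically from the client log. This is an added example, not part of the original post and not code from the VPN client; the function names are hypothetical, and GOOD_LOG is constructed, with 192.168.20.5 standing in for the 192.168.20.X placeholder.

```python
import ipaddress
import re

# Matches the policy lines quoted in the message, e.g.
# "creating IPSEC OUTBOUND policy ANY:192.168.20.2:* -> ANY:192.168.20.0/24:*"
POLICY_RE = re.compile(
    r"creating IPSEC (INBOUND|OUTBOUND) policy\s+"
    r"\S+?:([0-9./]+):\S+\s+->\s+\S+?:([0-9./]+):\S+"
)

def parse_policies(log_text):
    """Yield (direction, client_address, remote_network) per policy line."""
    # Mail clients wrap long log lines, so collapse all whitespace first.
    flat = " ".join(log_text.split())
    for m in POLICY_RE.finditer(flat):
        direction, src, dst = m.groups()
        # OUTBOUND is client -> remote network, INBOUND is the reverse.
        client, remote = (src, dst) if direction == "OUTBOUND" else (dst, src)
        yield (direction,
               ipaddress.ip_interface(client).ip,
               ipaddress.ip_network(remote, strict=False))

def find_overlaps(log_text):
    """Return policies whose client address lies inside the remote network."""
    return [(d, str(c), str(n))
            for d, c, n in parse_policies(log_text) if c in n]

# Log lines as quoted in the message (pool and policy share 192.168.20.0/24).
BAD_LOG = """
10/06/29 21:38:02 ii : creating IPSEC INBOUND policy
ANY:192.168.20.0/24:* -> ANY:192.168.20.2:*
10/06/29 21:38:02 ii : creating IPSEC OUTBOUND policy ANY:192.168.20.2:*
-> ANY:192.168.20.0/24:*
"""

# Constructed sample: pool 192.168.20.0/24, remote network 192.168.10.0/24.
GOOD_LOG = """
10/06/29 21:38:02 ii : creating IPSEC INBOUND policy
ANY:192.168.10.0/24:* -> ANY:192.168.20.5:*
10/06/29 21:38:02 ii : creating IPSEC OUTBOUND policy ANY:192.168.20.5:*
-> ANY:192.168.10.0/24:*
"""

if __name__ == "__main__":
    for name, log in (("BAD_LOG", BAD_LOG), ("GOOD_LOG", GOOD_LOG)):
        print(name, find_overlaps(log) or "no overlap")
```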