[vpn-help] Accessing several networks

Stéphane PERON s.peron at free.fr
Mon Oct 24 04:34:03 CDT 2011


Hi Kevin,

Many thanks for your detailed answer ...

But nothing seems to work ...

I've tried : "Obtain topology automatically .. " => impossible to contact 
the network

In the zywall USG 100, I can't specify a "group" of addresses ... I can 
create it, but can't use it to configure vpn connections ..

So, I tried to specify a subnet :
ie :
192.168.0.0/255.255.252.0

I've put the same in VPN Shrew soft ... And I can't get in touch with 
the machines on the target network ...

The address types authorised in the zywall to create a network object are :
- HOST ( ie : 192.168.0.3)
- RANGE ( ie : 192.168.0.1 to 192.168.3.1 )
- SUBNET ( ie : 192.168.0.0/255.255.255  and when used, the zywall 
displays : /24 )

Has anyone succeeded in contacting several sub-networks behind a zywall 
usg**** with only one Shrewsoft connection ??

Thanks a lot for your help

Cheers


Stéphane
On 20/10/2011 05:20, Kevin VPN wrote:
> On 10/19/2011 04:59 AM, Stéphane PERON wrote:
>>
>> On 19/10/2011 09:28, Stéphane PERON wrote:
>>> Hi Tamas,
>>>
>>> thanks for your answer but it doesn't work !!
>>>
>>> It only works for one network ...
>>>
>>> I use shrewsoft 2.2 ... and try to connect to a zywall usg 100 ...
>>>
>>> When I put for example, 192.168.1.0/24 as local policy in the zywall (
>>> phase 2 ) ... And 192.168.1.0 / 255.255.255.0 in the policy tab .. .. it
>>> works very well
>>>
>>> But if I put a RANGE of IP addresses in the zywall like ,
>>> 192.168.1.0-192.168.3.0 ... And try to add 192.168.1.0 /
>>> 255.255.255.0,192.168.2.0 / 255.255.255.0, 192.168.3.0 / 255.255.255.0
>>> in the policy tab
>>>
>>> It doesn't work !!! I can't contact networks
>>>
>> I'd like to add that, for the time being, I have created as many
>> shrewsoft connections as there are networks ..
>> The problem is, that I can't contact all the sub-networks when all
>> connections are made ... routing for several VPN connections doesn't
>> work
>
> Hi Stephane,
>
> The problem, I think, is that for phase 2 negotiation to complete, the 
> specified policies have to match on each side.  However, when you 
> define the policy as 192.168.1.0-192.168.3.0 on the Zywall and then 
> put 192.168.1.0/255.255.255.0, 192.168.2.0/255.255.255.0, 
> 192.168.3.0/255.255.255.0 in the Shrew policy, they do NOT appear to 
> be the same when negotiation is done.
>
> Easiest might be to try the checkbox on the Shrew policy tab that says 
> "Obtain topology automatically".
>
> You could also try this:  Explicitly use 192.168.1.0/24, 
> 192.168.2.0/24 and 192.168.3.0/24 as the subnets in the zywall. In 
> Shrew, use 192.168.1.0/255.255.255.0, 192.168.2.0/255.255.255.0 and 
> 192.168.3.0/255.255.255.0.  This should make the policies match.
>
> If the Zywall won't let you put in multiple subnets, you could use 
> 192.168.0.0/22 (Zywall) and 192.168.0.0/255.255.252.0 (Shrew) although 
> that might cause problems if 192.168.0.0 is used for something else.
>
> Also, in the zywall, with the policy 192.168.1.0-192.168.3.0, how have 
> you specified the subnet mask?  I'm not actually sure how many IPs 
> that would include in the third subnet - maybe just one single IP, 
> 192.168.3.0 itself?  Or does the Zywall default to a /24 if not 
> specified?
>
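
Added example, not part of the original thread or of either product: address arithmetic for the selectors discussed above, using Python's `ipaddress` module. It shows what the RANGE 192.168.1.0-192.168.3.0 covers next to the three /24 entries, and what 192.168.0.0/22 pulls in; the function names are hypothetical, and how the ZyWALL actually encodes a RANGE object during phase 2 is not stated in the thread.

```python
import ipaddress

# Values below are the ones quoted in the thread; function names are hypothetical.
ZYWALL_RANGE = ("192.168.1.0", "192.168.3.0")
SHREW_POLICY = ["192.168.1.0 / 255.255.255.0",
                "192.168.2.0 / 255.255.255.0",
                "192.168.3.0 / 255.255.255.0"]

def range_to_cidrs(first, last):
    """Smallest list of CIDR blocks covering exactly first..last inclusive."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def parse_selector(text):
    """Parse 'net/mask' or 'net / mask'; mask may be dotted or a prefix length."""
    net, mask = (part.strip() for part in text.split("/"))
    # strict=True rejects an entry whose host bits are set (e.g. 192.168.1.5/24)
    return ipaddress.ip_network(f"{net}/{mask}", strict=True)

def compare(gateway_nets, client_nets):
    """Return (identical, only_on_gateway, only_on_client)."""
    gw, cl = set(gateway_nets), set(client_nets)
    return gw == cl, sorted(gw - cl), sorted(cl - gw)

def extra_in_supernet(supernet, wanted):
    """/24 blocks inside supernet that are not in the wanted list."""
    return [s for s in supernet.subnets(new_prefix=24) if s not in wanted]

if __name__ == "__main__":
    gw = range_to_cidrs(*ZYWALL_RANGE)
    cl = [parse_selector(s) for s in SHREW_POLICY]
    same, gw_only, cl_only = compare(gw, cl)
    print("range covers:", gw, sum(n.num_addresses for n in gw), "addresses")
    print("identical to Shrew entries:", same)
    print("only in range:", gw_only, "| only in Shrew list:", cl_only)
    net22 = parse_selector("192.168.0.0/22")
    dotted = parse_selector("192.168.0.0/255.255.252.0")
    print("/22 equals 255.255.252.0 form:", net22 == dotted)
    print("/22 also pulls in:", extra_in_supernet(net22, cl))
```
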
