[vpn-help] Accessing several networks
Stéphane PERON
s.peron at free.fr
Mon Oct 24 04:34:03 CDT 2011
Hi Kevin,
Many thanks for your detailed answer ...
But nothing seems to work ...
I've tried: "Obtain topology automatically ..." => impossible to contact
the network
In the zywall USG 100, I can't specify a "group" of addresses ... I can
create it, but can't use it to configure vpn connections ..
So, I tried to specify a subnet :
ie :
192.168.0.0/255.255.252.0
I've put the same in VPN Shrew soft ... And I can't get in touch with
the machines on the target network ...
The address types authorised in the zywall to create a network object are :
- HOST ( ie : 192.168.0.3)
- RANGE ( ie : 192.168.0.1 to 192.168.3.1 )
- SUBNET ( ie : 192.168.0.0/255.255.255 and when used, the zywall
displays : /24 )
Has anyone succeeded in contacting several sub-networks behind a zywall
usg**** with only one Shrewsoft connection ??
Thanks a lot for your help
Cheers
Stéphane
On 20/10/2011 05:20, Kevin VPN wrote:
> On 10/19/2011 04:59 AM, Stéphane PERON wrote:
>>
>> On 19/10/2011 09:28, Stéphane PERON wrote:
>>> Hi Tamas,
>>>
>>> thanks for your answer but it doesn't work !!
>>>
>>> It only works for one network ...
>>>
>>> I use shrewsoft 2.2 ... and try to connect to a zywall usg 100 ...
>>>
>>> When I put for example, 192.168.1.0/24 as local policy in the zywall (
>>> phase 2 ) ... And 192.168.1.0 / 255.255.255.0 in the policy tab ... it
>>> works very well
>>>
>>> But if I put a RANGE of IP addresses in the zywall like
>>> 192.168.1.0-192.168.3.0 ... And try to add 192.168.1.0 /
>>> 255.255.255.0, 192.168.2.0 / 255.255.255.0, 192.168.3.0 / 255.255.255.0
>>> in the policy tab
>>>
>>> It doesn't work !!! I can't contact networks
>>>
>> I'd like to add that, for the time being, I have created as many
>> shrewsoft connections as there are networks ..
>> The problem is that I can't contact all the sub-networks when all
>> connections are made ... routing for several VPN connections doesn't
>> work
>
> Hi Stephane,
>
> The problem, I think, is that for phase 2 negotiation to complete, the
> specified policies have to match on each side. However, when you
> define the policy as 192.168.1.0-192.168.3.0 on the Zywall and then
> put 192.168.1.0/255.255.255.0, 192.168.2.0/255.255.255.0,
> 192.168.3.0/255.255.255.0 in the Shrew policy, they do NOT appear to
> be the same when negotiation is done.
>
> Easiest might be to try the checkbox on the Shrew policy tab that says
> "Obtain topology automatically".
>
> You could also try this: Explicitly use 192.168.1.0/24,
> 192.168.2.0/24 and 192.168.3.0/24 as the subnets in the zywall. In
> Shrew, use 192.168.1.0/255.255.255.0, 192.168.2.0/255.255.255.0 and
> 192.168.3.0/255.255.255.0. This should make the policies match.
>
> If the Zywall won't let you put in multiple subnets, you could use
> 192.168.0.0/22 (Zywall) and 192.168.0.0/255.255.252.0 (Shrew) although
> that might cause problems if 192.168.0.0 is used for something else.
>
> Also, in the zywall, with the policy 192.168.1.0-192.168.3.0, how have
> you specified the subnet mask? I'm not actually sure how many IPs
> that would include in the third subnet - maybe just one single IP,
> 192.168.3.0 itself? Or does the Zywall default to a /24 if not
> specified?
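Added example, not part of the original thread: a Python check of which addresses each policy discussed above actually covers, so the two sides of a phase 2 policy can be compared before they are entered. It assumes the gateway treats a RANGE object as the inclusive span first..last; the function names are illustrative, and it compares address coverage only, not how either product encodes the policy during negotiation.

```python
import ipaddress

def range_to_cidrs(first, last):
    """CIDR blocks that cover exactly the inclusive range first..last."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def parse_selectors(entries):
    """Parse 'net/mask' strings (dotted mask or prefix length), collapsed and sorted."""
    nets = [ipaddress.ip_network(e.replace(" ", "")) for e in entries]
    return list(ipaddress.collapse_addresses(nets))

def address_count(nets):
    """Number of addresses covered by a list of non-overlapping networks."""
    return sum(n.num_addresses for n in nets)

def same_coverage(side_a, side_b):
    """True only when both sides cover exactly the same set of addresses."""
    return (list(ipaddress.collapse_addresses(side_a))
            == list(ipaddress.collapse_addresses(side_b)))

# Policies quoted in the thread.
GATEWAY_RANGE = range_to_cidrs("192.168.1.0", "192.168.3.0")   # RANGE object
CLIENT_THREE = parse_selectors([
    "192.168.1.0 / 255.255.255.0",
    "192.168.2.0 / 255.255.255.0",
    "192.168.3.0 / 255.255.255.0",
])
GATEWAY_22 = parse_selectors(["192.168.0.0/22"])                # SUBNET object
CLIENT_22 = parse_selectors(["192.168.0.0/255.255.252.0"])

if __name__ == "__main__":
    for name, nets in [("gateway range", GATEWAY_RANGE),
                       ("client, three /24", CLIENT_THREE),
                       ("gateway /22", GATEWAY_22),
                       ("client /22", CLIENT_22)]:
        print(f"{name:18} {address_count(nets):5} addresses:",
              ", ".join(str(n) for n in nets))
    print("range vs three /24 match:", same_coverage(GATEWAY_RANGE, CLIENT_THREE))
    print("/22 vs 255.255.252.0 match:", same_coverage(GATEWAY_22, CLIENT_22))
```

Under that assumption the range ending at 192.168.3.0 stops at that single address in the third subnet, while the /22 forms are identical on both sides but also take in 192.168.0.0/24.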