<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-2"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Hi Kevin,<br>
<br>
Many thanks for your detailed answer ... <br>
<br>
But nothing seems to work ... <br>
<br>
I've tried : "Optain topology automaticaly .. " => impossible to
contact the network<br>
<br>
In the zywall USG 100, I can't specify a "group" of adresses ... I
can create it, but can't use it to configure vpn connections .. <br>
<br>
So, I tried to specify a subnet : <br>
ie :<br>
192.168.0.0/255.255.252.0<br>
<br>
I've put the same in VPN Shrew soft ... And I can't get in touch
with the machines on the target network ... <br>
<br>
The adress types authorised in the zywall to create a network objet
are :<br>
- HOST ( ie : 192.168.0.3)<br>
- RANGE ( ie : 192.168.0.1 to 192.168.3.1 )<br>
- SUBNET ( ie : 192.168.0.0/255.255.255 and when used, the zywall
displays : /24 )<br>
<br>
Does anyone succeeded in contacting several sub-networks behind a
zywall usg<span class="Apple-style-span" style="color: rgb(0, 0, 0);
font-family: Arial; font-size: 11px; font-style: normal;
font-variant: normal; font-weight: normal; letter-spacing: normal;
line-height: normal; orphans: 2; text-indent: -11px;
text-transform: none; white-space: normal; widows: 2;
word-spacing: 0px; background-color: rgb(255, 255, 255);"><b><span
style="cursor:
url("http://dictionnaire.reverso.net/App_Themes/Default/Images/CM.cur"),
auto; font-size: 14px;"><span id="ID0EEB" style="cursor:
url("http://dictionnaire.reverso.net/App_Themes/Default/Images/CM.cur"),
auto; color: rgb(181, 0, 0);"><span class="nbsp1"
style="cursor:
url("http://dictionnaire.reverso.net/App_Themes/Default/Images/CM.cur"),
auto; border-bottom: 1px solid rgb(255, 255, 255) !
important; height: 12px; width: 6px; padding-left: 6px;"></span></span></span></b><b><span
style="cursor:
url("http://dictionnaire.reverso.net/App_Themes/Default/Images/CM.cur"),
auto; font-size: 14px;"><span id="ID0ENB" style="cursor:
url("http://dictionnaire.reverso.net/App_Themes/Default/Images/CM.cur"),
auto;"></span></span></b></span> with only one Shrewsoft
connection ??<br>
<br>
Thanks a lot for your help <br>
<br>
Cheers <br>
<br>
<br>
Stéphane <br>
Le 20/10/2011 05:20, Kevin VPN a écrit :
<blockquote cite="mid:BLU0-SMTP394CD4BF52253BAA62828DBA0EB0@phx.gbl"
type="cite">On 10/19/2011 04:59 AM, Stéphane PERON wrote:
<br>
<blockquote type="cite">
<br>
Le 19/10/2011 09:28, Stéphane PERON a écrit :
<br>
<blockquote type="cite">Hi Tamas,
<br>
<br>
thanks for you answer but It doesn't not work !!
<br>
<br>
It only works for one network ...
<br>
<br>
I use shrewsoft 2.2 ... and try to connect to a zywall usg 100
...
<br>
<br>
When I put for example, 192.168.1.0/24 as local policy in the
zywall (
<br>
phase 2 ) ... And 192.168.1.0 / 255.255.255.0 in the policy
tab .. ..I
<br>
works very well
<br>
<br>
But if i put a RANGE of ip adresse in the zywall like ,
<br>
192.168.1.0-192.168.3.0 ... And try to add 192.168.1.0 /
<br>
255.255.255.0,192.168.2.0 / 255.255.255.0, 192.168.3.0 /
255.255.255.0
<br>
in the policy tab
<br>
<br>
Il doesn't work !!! I can't contact networks
<br>
<br>
</blockquote>
</blockquote>
> I'd like to add that, for the time being, I have created as
much
<br>
> shrewsoft connection as there are networks ..
<br>
> The problem is, that I can't contact all the sub-networks
when all
<br>
> connections are made ... routing for several VPN connections
doesn't
<br>
> work
<br>
<br>
Hi Stephane,
<br>
<br>
The problem, I think, is that for phase 2 negotiation to complete,
the specified policies have to match on each side. However, when
you define the policy as 192.168.1.0-192.168.3.0 on the Zywall and
then put 192.168.1.0/255.255.255.0, 192.168.2.0/255.255.255.0,
192.168.3.0/255.255.255.0 in the Shrew policy, they do NOT appear
to be the same when negotiation is done.
<br>
<br>
Easiest might be to try the checkbox on the Shrew policy tab that
says "Obtain topology automatically".
<br>
<br>
You could also try this: Explicitly use 192.168.1.0/24,
192.168.2.0/24 and 192.168.3.0/24 as the subnets in the the
zywall. In Shrew, use 192.168.1.0/255.255.255.0,
192.168.2.0/255.255.255.0 and 192.168.3.0/255.255.255.0. This
should make the policies match.
<br>
<br>
If the Zywall won't let you put in multiple subnets, you could use
192.168.0.0/22 (Zywall) and 192.168.0.0/255.255.252.0 (Shrew)
although that might cause problems if 192.168.0.0 is used for
something else.
<br>
<br>
Also, in the zywall, with the policy 192.168.1.0-192.168.3.0, how
have you specified the subnet mask? I'm not actually sure how
many IPs that would include in the third subnet - maybe just one
single IP, 192.168.3.0 itself? Or does the Zywall default to a
/24 if not specified?
<br>
_______________________________________________
<br>
vpn-help mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:vpn-help@lists.shrew.net">vpn-help@lists.shrew.net</a>
<br>
<a class="moz-txt-link-freetext" href="http://lists.shrew.net/mailman/listinfo/vpn-help">http://lists.shrew.net/mailman/listinfo/vpn-help</a>
<br>
<br>
</blockquote>
<br>
</body>
</html>