We are trying to create an IPsec tunnel between two hosts running Windows Server 2003. The first of these servers (A) is connected directly to the internet and has been assigned a public IP address. The second server (B) is in a private network N with the addressing scheme 192.168.0.0/24, behind a NAT router running Linux. Both hosts have a TUN virtual adapter installed, with the addresses 10.1.0.1/16 and 10.2.0.1/16:
(tun 10.2.0.1/16) A --------- internet ------- NAT ------- N ------ B (tun 10.1.0.1/16)
Our IPsec configuration is based on the article http://support.microsoft.com/kb/816514/en-us .
IPsec policy for host A:
- Incoming rule
  o Filter from specific subnet 10.1.0.0/16 to specific subnet 10.2.0.0/16, not mirrored, any protocol
  o Filter action: Require security
  o Authentication: preshared key
  o Tunnel endpoint: public IP address of host A
- Outgoing rule
  o Filter from specific subnet 10.2.0.0/16 to specific subnet 10.1.0.0/16, not mirrored, any protocol
  o Filter action: Require security
  o Authentication: preshared key
  o Tunnel endpoint: public IP address of the NAT router

IPsec policy for host B:
- Incoming rule
  o Filter from specific subnet 10.2.0.0/16 to specific subnet 10.1.0.0/16, not mirrored, any protocol
  o Filter action: Require security
  o Authentication: preshared key
  o Tunnel endpoint: private IP address of host B on the private network
- Outgoing rule
  o Filter from specific subnet 10.1.0.0/16 to specific subnet 10.2.0.0/16, not mirrored, any protocol
  o Filter action: Require security
  o Authentication: preshared key
  o Tunnel endpoint: public IP address of host A
All rules on both hosts have Connection Type set to "All network connections". The NAT router redirects all UDP/500 and UDP/4500 traffic arriving from outside directly to host B.
The problem is that after activating both policies and trying to ping host 10.1.0.1 from host A, the ping requests time out and no security negotiation happens. Even sniffing traffic with Wireshark on both hosts and with tcpdump on the Linux router shows no packets. Static routes are set as described in the aforementioned article.

The purpose of this configuration was to create a tunnel from host A into the private network, but without access to any component other than host B.
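As an added troubleshooting aid that is not part of the original post: a small Python triage over tcpdump summary lines (the sample lines below are constructed, with documentation-range addresses) that reports whether IKE on UDP/500, NAT-T on UDP/4500 or ESP ever appeared on the wire, which is the first thing to pin down when "no security negotiation happens".

```python
import re
from collections import Counter

# Constructed tcpdump-style summaries (not from the original post). HEALTHY_CAPTURE
# shows what a completed NAT-T negotiation looks like at the NAT router;
# CLEARTEXT_CAPTURE shows an echo request leaving with no IKE traffic at all.
HEALTHY_CAPTURE = """\
12:00:01.000 IP 203.0.113.10.500 > 198.51.100.20.500: isakmp: phase 1 I ident
12:00:01.020 IP 198.51.100.20.500 > 203.0.113.10.500: isakmp: phase 1 R ident
12:00:01.400 IP 203.0.113.10.4500 > 198.51.100.20.4500: NONESP-encap: isakmp: phase 2/others I oakley-quick
12:00:01.450 IP 198.51.100.20.4500 > 203.0.113.10.4500: NONESP-encap: isakmp: phase 2/others R oakley-quick
12:00:02.000 IP 203.0.113.10.4500 > 198.51.100.20.4500: UDP-encap: ESP(spi=0x0000abcd,seq=0x1), length 132
"""
CLEARTEXT_CAPTURE = "12:00:05.000 IP 10.2.0.1 > 10.1.0.1: ICMP echo request, id 1, seq 1, length 40\n"

# Matches "<time> IP src[.port] > dst[.port]: <rest>"; ports are absent for ICMP/raw ESP.
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3})(?:\.(?P<sport>\d+))? > "
    r"(?P<dst>\d+(?:\.\d+){3})(?:\.(?P<dport>\d+))?: (?P<rest>.*)$"
)

def classify(line):
    """Map one tcpdump summary line to the IPsec stage it belongs to, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ports = {m.group("sport"), m.group("dport")}
    rest = m.group("rest")
    if "ESP(" in rest:                       # protected traffic, tunnel is up
        return "esp_udp_encap" if "UDP-encap" in rest else "esp_raw"
    if "isakmp" in rest:                     # IKE: UDP/500, or UDP/4500 after NAT detection
        return "ike_nat_t" if "4500" in ports else "ike_phase1"
    if rest.startswith("ICMP"):              # ping that never got protected
        return "icmp_cleartext"
    return "other"

def triage(capture_text):
    """Count stages seen and report how far tunnel establishment got."""
    stages = Counter(filter(None, map(classify, capture_text.splitlines())))
    if stages["esp_udp_encap"] or stages["esp_raw"]:
        reached = "esp"
    elif stages["ike_nat_t"]:
        reached = "ike_phase2_or_nat_t"
    elif stages["ike_phase1"]:
        reached = "ike_phase1_only"
    else:
        reached = "no_ike_seen"
    return {"stages": dict(stages), "reached": reached}
```

Feed it a capture taken at the NAT router's outside interface: "no_ike_seen" together with cleartext ICMP means the initiator never started IKE, while "ike_phase1_only" points at the responder or the UDP/500 and UDP/4500 forwarding instead.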