cyberspace
Technical User
Hello,
I have a 3Com X506 (unified threat management system) to which I am trying to establish an IPSec VPN using the NCP Secure Entry client.
I am just trying to get a connection established at the minute, so I am not using the maximum security.
The settings are:
IKE Proposal -
Phase 1:
Encryption: DES-CBC
Integrity: SHA-1
DH Group: 1 (768 bits)
Lifetime: 28800
Auth type: PSK
Aggressive mode, NAT traversal, dead peer protection
Phase 2:
Encryption: ESP DES-CBC
Integrity: ESP SHA-1-HMAC
Lifetime: 3600
Perfect Forward Secrecy is not set.
There are also options of 'Enable strict ID checking of local network' and 'Use ID of 0.0.0.0/0 for local and remote networks', which are not checked.
Then my IPSec Security Association is IKE-PSK(DES-SHA1-PSK).
Now - if I use the default SA, the NCP client connects just fine, so I presume I have set the client up correctly from the IKE policy/SA point of view. However, it's just assigning a 192.168.x.x address to the connection, so this is no good - I can't talk to anything on the network. I cannot change the default SA.
However, if I clone the SA and set the tunnel to use the LAN subnet for "local networks" and 'Remote addresses assigned by DHCP through this tunnel' for "remote networks" - it does not work.
I have tried various settings for address assignment in NCP, but the tunnel does not come up at all.
Any ideas where I am going wrong? It must be something I am doing with local/remote network settings.
Many thanks for any advice you can offer.
'When all else fails.......read the manual'