On Mon, 03 Sep 2007 17:15:02 -0400, Paolo Supino wrote:

>Hi
>
>  I have a firewall that also acts as a VPN peer for 2 VPNs. One of
>the VPNs is IPSEC that connects between the main office and a branch
>office. The second VPN is OpenVPN that connects windows based road
>warriors to the branch office. I want to enable employees that connect
>to the branch's OpenVPN to reach the main office servers (and filter
>traffic to). Both VPNs are working so the appropriate routing entries
>exist in the  firewall's routing table. Even if I disable all the
>firewall rules and just let everything pass through the firewall the
>OpenVPN clients still cannot reach the main office servers. What am
>I missing?

I'll bet you don't have some flows set up in ipsec.conf to handle it.
Here is a simple ipsec.conf from one end of an ipsec tunnel where
OpenVPN clients also log in:
ike esp from 10.10.8.0/24 to 172.22.3.0/24 peer 250.101.222.1
ike esp from 172.22.2.0/24 to 172.22.3.0/24 peer 250.101.222.1
ike esp from 195.228.107.202 to 172.22.3.0/24 peer 250.101.222.1
ike esp from 195.228.107.202 to 250.101.222.1

The first line adds the OpenVPN network to the mix.

Needless to say the other end of the tunnel has an ipsec.conf that
makes sure that traffic can return.

Fictional addresses used to protect the innocent...

Does that help?
Please reply to the list. I am subscribed and don't need a cc, thanks.

Rod/
From the land "down under": Australia.
Do we look <umop apisdn> from up over?
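
An added example, not part of the original message: a small Python check that parses the four flows quoted in the reply, tests whether a given source/destination pair falls inside any flow, and prints the mirrored lines the far end would need for return traffic. It assumes 195.228.107.202 is this end's gateway address (inferred from the host-to-host flow) and handles only the simple "ike esp from A to B [peer P]" form shown above; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the four flows quoted in the reply above.
SAMPLE_CONF = """\
ike esp from 10.10.8.0/24 to 172.22.3.0/24 peer 250.101.222.1
ike esp from 172.22.2.0/24 to 172.22.3.0/24 peer 250.101.222.1
ike esp from 195.228.107.202 to 172.22.3.0/24 peer 250.101.222.1
ike esp from 195.228.107.202 to 250.101.222.1
"""

FLOW_RE = re.compile(r"^ike\s+esp\s+from\s+(\S+)\s+to\s+(\S+)(?:\s+peer\s+(\S+))?$")

def parse_flows(text):
    """Return (src_net, dst_net, peer) for each simple flow line."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line.split("#", 1)[0].strip())
        if not m:
            continue  # skip blanks, comments and forms this sketch does not parse
        src, dst, peer = m.groups()
        # When no peer is given, the destination host is the peer.
        flows.append((ipaddress.ip_network(src), ipaddress.ip_network(dst), peer or dst))
    return flows

def fmt(net):
    """Print host routes as a bare address, networks as CIDR."""
    return str(net.network_address) if net.prefixlen == net.max_prefixlen else str(net)

def covered(flows, src_ip, dst_ip):
    """True if a packet src_ip -> dst_ip matches some flow and so enters the tunnel."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return any(s in fs and d in fd for fs, fd, _ in flows)

def mirror(flows, local_gw):
    """Lines for the far end's ipsec.conf so return traffic matches a flow.
    local_gw is an assumption: this end's gateway address."""
    out = []
    for src, dst, _ in flows:
        line = f"ike esp from {fmt(dst)} to {fmt(src)}"
        if fmt(src) != local_gw:  # peer is implied when the destination is the gateway
            line += f" peer {local_gw}"
        out.append(line)
    return out

if __name__ == "__main__":
    flows = parse_flows(SAMPLE_CONF)
    # An OpenVPN client address (constructed) reaching a remote-office host (constructed).
    print("with OpenVPN flow:   ", covered(flows, "10.10.8.6", "172.22.3.10"))
    print("without OpenVPN flow:", covered(flows[1:], "10.10.8.6", "172.22.3.10"))
    print("\n".join(mirror(flows, "195.228.107.202")))
```

Dropping the first flow makes the check return False for the OpenVPN client address even though a route exists, which is the symptom described in the question.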
