Thank you, Johan Hendriks and Abdulrehman. A lot of thanks for your help. Thank you again.

On Tue, Oct 27, 2009 at 12:44 PM, Johan Hendriks <j.hendr...@schavemaker.com> wrote:

> Abdulrehman wrote:
>
> I also followed the same how-to and had no issues. Attached is the image of
> the firewall rule for IPSEC... I have allowed all IP traffic... you can
> customize it... it's very simple.
>
> On Tue, Oct 27, 2009 at 1:16 PM, Koray AGAYA <insanad...@gmail.com> wrote:
>
> Hi!
>
> I have two locations and both sites use pfsense 1.2.2. I want a site-to-site
> VPN between location A and location B.
>
> I use this site: http://doc.pfsense.org/index.php/VPN_Capability_IPSec
>
> I need a firewall rule and VPN settings -> pfsense screenshot
>
> Can you help me please I
>
> Why do you have 2 rules that do exactly the same? The only difference is
> the comment.
>
> The first rule says:
> Allow all protocols, from all sources, from all ports, to all destinations,
> to all ports, through the default gateway.
> The second rule does the same thing.
>
> @ topic starter
>
> I do not know your config, but I will try to explain. Fill in your own
> network data.
>
> Site one
> Local IP network: 192.168.0.0 / 24
> Public IP address: 80.80.80.80
>
> Site two
> Local IP network: 192.168.1.0 / 24
> Public IP address: 90.90.90.90
>
> SITE ONE CONFIG IPSEC
> Interface: WAN
> Local subnet: type Network
> Address: 192.168.0.0 / 24
> Remote subnet: 192.168.1.0 / 24
> Remote Gateway: 90.90.90.90
>
> Description: ipsec tunnel 1
>
> Negotiation mode: aggressive
> My identifier: My IP address
> Encryption algorithm: Blowfish
> Hash algorithm: MD5
> DH key group: 2
> Lifetime: 86400
> Authentication method: Pre-shared key
> Pre-Shared Key: your-key-in-text
>
> Certificate: NONE
> Key: NONE
> Peer certificate: NONE
>
> Phase 2 proposal (SA/Key Exchange)
> Protocol: ESP
> Encryption algorithms: select Blowfish
> Hash algorithms: select MD5
> PFS key group: 2
> Lifetime: 86400
> Automatically ping host: IP address of server in 192.168.1.0 network
>
> SITE TWO CONFIG IPSEC
>
> Site one ipsec config
> Interface: WAN
> Local subnet: type Network
> Address: 192.168.1.0 / 24
> Remote subnet: 192.168.0.0 / 24
> Remote Gateway: 80.80.80.80
>
> Description: ipsec tunnel 1
>
> Negotiation mode: aggressive
> My identifier: My IP address
> Encryption algorithm: Blowfish
> Hash algorithm: MD5
> DH key group: 2
> Lifetime: 86400
> Authentication method: Pre-shared key
> Pre-Shared Key: your-key-in-text
>
> Certificate: NONE
> Key: NONE
> Peer certificate: NONE
>
> Phase 2 proposal (SA/Key Exchange)
> Protocol: ESP
> Encryption algorithms: select Blowfish
> Hash algorithms: select MD5
> PFS key group: 2
> Lifetime: 86400
> Automatically ping host: IP address of server in 192.168.0.0 network
>
> And on both sides use a rule on the ipsec interface that allows all from
> all etc.
>
> You must use different subnets on each side of the tunnel.
>
> Hope this helps
> regards,
> --
> Johan Hendriks
> Schavemaker Transport
>
> Tel: +31 (0)251 229098
> Fax: +31 (0)251 212016
> email: j.hendr...@schavemaker.com
> web: http://www.schavemaker.com

--
--------------------- Don't Take Life Seriously, You Will Never Get Out Alive! --------------------
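
Added example, not part of the thread and not pfSense code: a small Python check that the two tunnel definitions quoted above mirror each other (subnets, gateways, matching proposals, non-overlapping LANs), plus a short hardening review of the chosen parameters. The dictionary keys and function names are hypothetical, and the values are constructed from the sample addresses in the thread.

```python
import ipaddress

# Constructed from the example values in the thread, not a real deployment.
COMMON = {"mode": "aggressive", "auth": "psk",
          "p1": ("Blowfish", "MD5", 2, 86400),         # enc, hash, DH group, lifetime
          "p2": ("ESP", "Blowfish", "MD5", 2, 86400)}  # proto, enc, hash, PFS, lifetime
SITE_ONE = dict(COMMON, public_ip="80.80.80.80", local="192.168.0.0/24",
                remote="192.168.1.0/24", remote_gw="90.90.90.90")
SITE_TWO = dict(COMMON, public_ip="90.90.90.90", local="192.168.1.0/24",
                remote="192.168.0.0/24", remote_gw="80.80.80.80")

def check_tunnel(a, b):
    """Return the mismatches that would keep the two ends from agreeing."""
    problems = []
    net, addr = ipaddress.ip_network, ipaddress.ip_address
    if net(a["local"]).overlaps(net(b["local"])):
        problems.append("local subnets overlap; each side needs its own subnet")
    for name, me, peer in (("site one", a, b), ("site two", b, a)):
        if net(me["remote"]) != net(peer["local"]):
            problems.append(f"{name}: remote subnet is not the peer's local subnet")
        if addr(me["remote_gw"]) != addr(peer["public_ip"]):
            problems.append(f"{name}: remote gateway is not the peer's public address")
    for key in ("mode", "auth", "p1", "p2"):
        if a[key] != b[key]:
            problems.append(f"{key} differs between the two ends")
    return problems

def review_notes(site):
    """Hardening observations added here; they are not raised in the thread."""
    notes = []
    if site["mode"] == "aggressive" and site["auth"] == "psk":
        notes.append("aggressive mode with a PSK exposes a key-derived hash "
                     "to offline guessing; prefer main mode or a long random key")
    if "MD5" in site["p1"] or "MD5" in site["p2"]:
        notes.append("MD5 is a deprecated hash; prefer a stronger one if offered")
    if site["p1"][2] <= 2:
        notes.append("DH group 2 is a 1024-bit group; prefer a larger group")
    return notes

if __name__ == "__main__":
    for line in check_tunnel(SITE_ONE, SITE_TWO) or ["tunnel definitions mirror each other"]:
        print(line)
    for line in review_notes(SITE_ONE):
        print("review:", line)
```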