On 6/30/2010 12:03 AM, Jerrard Holland wrote:
> vpn client 2.1.5
> windows 7
> netgear fvs 338
>

Hi Jerrard,

It looks like your address pool is now set up to use the 192.168.20.0/24 range. However, your policy is configured to communicate with the same network. You can't have the client try to access a remote network when it uses an address from that network ...

10/06/29 21:38:02 ii : creating IPSEC INBOUND policy ANY:192.168.20.0/24:* -> ANY:192.168.20.2:*
10/06/29 21:38:02 ii : creating IPSEC OUTBOUND policy ANY:192.168.20.2:* -> ANY:192.168.20.0/24:*

For example, if your remote network is 192.168.10.0/24, you should use a client address pool of anything but that network. Let's say you select the 192.168.20.0/24 network for your address pool. You would set up your gateway pool to use 192.168.20.1 -> 192.168.20.254. Then you would set up gateway policies to allow traffic from dial-up to the 192.168.10.0/24 network (please see the SSG howto for more details). Lastly, you need to add 192.168.10.0/24 as an include network under the policy tab of the client site configuration. This will cause the client to generate policies that look like this ...

10/06/29 21:38:02 ii : creating IPSEC INBOUND policy ANY:192.168.10.0/24:* -> ANY:192.168.20.X:*
10/06/29 21:38:02 ii : creating IPSEC OUTBOUND policy ANY:192.168.20.X:* -> ANY:192.168.10.0/24:*

Hope this helps,

-Matthew
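
The overlap described in the message above can be checked mechanically. This is an added example, not part of the original message or of the client's own code: it parses the policy log lines and flags any policy whose client address sits inside the remote network. The function names are hypothetical, and 192.168.20.5 is a constructed stand-in for the 192.168.20.X address.

```python
import ipaddress
import re

# Policy lines as printed in the client log quoted above.
POLICY_RE = re.compile(
    r"creating IPSEC (INBOUND|OUTBOUND) policy "
    r"ANY:([0-9./]+):\* -> ANY:([0-9./]+):\*"
)

# Log lines from the message: client address is inside the remote network.
BAD_LOG = """\
10/06/29 21:38:02 ii : creating IPSEC INBOUND policy ANY:192.168.20.0/24:* -> ANY:192.168.20.2:*
10/06/29 21:38:02 ii : creating IPSEC OUTBOUND policy ANY:192.168.20.2:* -> ANY:192.168.20.0/24:*
"""

# Constructed sample: 192.168.20.5 stands in for the 192.168.20.X address.
GOOD_LOG = """\
10/06/29 21:38:02 ii : creating IPSEC INBOUND policy ANY:192.168.10.0/24:* -> ANY:192.168.20.5:*
10/06/29 21:38:02 ii : creating IPSEC OUTBOUND policy ANY:192.168.20.5:* -> ANY:192.168.10.0/24:*
"""

def parse_policies(log_text):
    """Yield (direction, remote_network, client_address) per policy line."""
    for m in POLICY_RE.finditer(log_text):
        direction, src, dst = m.groups()
        # INBOUND is remote -> client, OUTBOUND is client -> remote.
        remote, client = (src, dst) if direction == "INBOUND" else (dst, src)
        yield (direction,
               ipaddress.ip_network(remote, strict=False),
               ipaddress.ip_interface(client).ip)

def find_overlaps(log_text):
    """Policies whose client address lies inside the remote network."""
    return [p for p in parse_policies(log_text) if p[2] in p[1]]

def pool_conflicts(pool, include_networks):
    """Include networks that overlap the client address pool."""
    pool_net = ipaddress.ip_network(pool, strict=False)
    return [n for n in map(ipaddress.ip_network, include_networks)
            if pool_net.overlaps(n)]

if __name__ == "__main__":
    for direction, remote, client in find_overlaps(BAD_LOG):
        print(f"{direction}: client {client} is inside remote network {remote}")
    print("conflicts:", pool_conflicts("192.168.20.0/24", ["192.168.10.0/24"]))
```

`pool_conflicts` can be run on the planned pool and include networks before connecting; `find_overlaps` checks what the client actually generated.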
