PLEASE HELP - IPSEC and Remote Clients

Posted: Tue May 29, 2007 4:09 pm
by elhombredelabata
Please, this is the third post I have made on this subject. If anyone can please help me, I'll be thankful.

I need to configure L2TP/IPSEC to work with remote clients that are in different locations and with different IP addresses. The IP addresses are unknown and can change at any time.

I have tried L2TP/IPSEC with static peers and it works great, but I can't make it work when the peer is unknown.

Re: PLEASE HELP - IPSEC and Remote Clients

Posted: Sun Jun 03, 2007 3:11 pm
by andrewluck
There is a setting in ISAKMP for "generate-policy=yes"

Regards

Andrew

Re: PLEASE HELP - IPSEC and Remote Clients

Posted: Mon Jun 04, 2007 11:04 pm
by elhombredelabata
Thanks a lot for the answer, but I already tried "generate-policy=yes"
and it works fine only if the peer has a known IP address.
I need to make IPSEC work for unknown addresses of remote peers.

Re: PLEASE HELP - IPSEC and Remote Clients

Posted: Wed Jun 06, 2007 10:59 pm
by andrewluck
This is what "generate-policy=yes" does. Make sure you specify the client IP address as 0.0.0.0. Subnet mask is either /0 or /32, I can't remember which.

Regards

Andrew

Re: PLEASE HELP - IPSEC and Remote Clients

Posted: Sun Jul 08, 2007 2:20 am
by elhombredelabata
andrewluck, thanks a lot for the answer. It works OK with the /0; that was the mistake.

Now I receive 4 or 5 IPSec Warnings - Incoming packet with unknown SPI and an info message with: ipsec no a found: proto=esp spi=4100391946 src=xx.xx.xx.xx dst=xx.xx.xx.xx

Sometimes it connects and sometimes not; I only have to retry 2 or 3 times and then it connects OK.

I'm using the Windows VPN client; I don't know which other client I can use.

Re: PLEASE HELP - IPSEC and Remote Clients

Posted: Sun Jul 08, 2007 2:04 pm
by andrewluck
Not much to go on there.

Check the IKE logs to see if anything is going wrong.

Also, you might try turning on ipsec logging on the Windows client to see if that gives any clues.

Regards

Andrew