Hi,

I am having trouble setting up site-to-site with a remote network.
I have a single server with a public IP where I have installed strongSwan.

The remote admin has shared the following settings:

************************************************************

Peer IP:- 202.56.XXX.YYY

Pre-shared key ########### ( share through phone )

For IKE Policy
Encryption 3DES
Authentication SHA
Diffie-Hellman Group 2

For IPSec Policy
Encryption 3DES
Authentication SHA
enable perfect forward secrecy (pfs)
Diffie-Hellman Group 1

your local pool IP :- 10.2.28.24

your remote network IP:- 10.2.84.68

************************************************************

On the basis of this, I have created the following ipsec.conf:

config setup
    plutostart=yes
    plutodebug=all
    plutostderrlog=/var/log/plutoerr.log

conn %default
    keyexchange=ikev1
    type=tunnel
    ikelifetime=86400

conn myconn
    left=119.82.AAA.BBB
    leftsourceip=10.2.28.24
    right=202.56.XXX.YYY
    rightsubnet=10.2.84.68/32
    esp=3des-sha1-modp768
    ike=3des-sha1-modp1024
    auth=esp
    authby=secret
    pfs=yes
    auto=start

************************************************************

]# ipsec status
000 "myconn": 10.2.28.24/32===119.82.69.67[119.82.69.67]...202.56.229.168[202.56.229.168]===10.2.84.68/32; unrouted; eroute owner: #0
000 "myconn": newest ISAKMP SA: #0; newest IPsec SA: #0;
000
000 #44: "myconn" STATE_QUICK_I1 (sent QI1, expecting QR1); EVENT_RETRANSMIT in 30s
000

The remote side admin is asking me to NAT the private IP. Any suggestion how that can be achieved?
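A consistency check for the settings above, as an added example that is not part of the original post: it parses an ipsec.conf, applies `conn %default`, and compares the proposals as written against the peer's sheet. The names `parse_conns` and `mismatches` are hypothetical, `CONF` is a trimmed copy of the posted conn, and "SHA" on the sheet is assumed to mean SHA-1.

```python
import re
# IKE DH group number -> strongSwan proposal keyword (RFC 2409, RFC 3526)
DH = {1: "modp768", 2: "modp1024", 5: "modp1536", 14: "modp2048"}

# Peer sheet from the post; "SHA" is assumed here to mean SHA-1.
PEER = {"ike": ("3des", "sha1", DH[2]), "esp": ("3des", "sha1", DH[1]),
        "local": "10.2.28.24", "remote": "10.2.84.68/32"}

# Trimmed copy of the posted conn: only the settings this check reads.
CONF = """\
conn %default
    keyexchange=ikev1

conn myconn
    leftsourceip=10.2.28.24
    rightsubnet=10.2.84.68/32
    esp=3des-sha1-modp768
    ike=3des-sha1-modp1024
    pfs=yes
"""

def parse_conns(text):
    """Return {name: settings} with 'conn %default' merged into every conn."""
    conns, cur = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        head = re.match(r"(config|conn)\s+(\S+)", line)
        if head:  # section headers start in column 0
            cur = conns.setdefault(head.group(2), {}) if head.group(1) == "conn" else None
        elif cur is not None and "=" in line:
            key, value = line.split("=", 1)
            cur[key.strip()] = value.strip()
    default = conns.pop("%default", {})
    return {name: {**default, **kv} for name, kv in conns.items()}

def mismatches(conn, peer=PEER):
    """List the settings in one conn that disagree with the peer's sheet."""
    out = []
    for phase in ("ike", "esp"):
        got = tuple(conn.get(phase, "").rstrip("!").lower().split("-"))
        if got != peer[phase]:
            out.append(f"{phase}: have {'-'.join(got) or 'unset'}, peer wants {'-'.join(peer[phase])}")
    if conn.get("pfs", "yes") != "yes":
        out.append("pfs: peer requires perfect forward secrecy")
    for key, want in (("rightsubnet", peer["remote"]), ("leftsourceip", peer["local"])):
        if conn.get(key) != want:
            out.append(f"{key}: have {conn.get(key)}, peer wants {want}")
    return out
```

An empty result only means the text of the config agrees with the sheet; it does not show how the running daemon negotiates those values.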