<< | Thread Index | >> ]    [ << | Date Index | >> ]

To: "Manner, Jorma" <Jorma.Manner,AT,yomi,DOT,com>
Subject: Re: w2k cipe problem again
From: Phil Scarratt <fil,AT,draxsen,DOT,com>
Date: Fri, 19 Sep 2003 08:15:16 +1000
Cc: "'cipe-l,AT,inka,DOT,de'" <cipe-l,AT,inka,DOT,de>
In-reply-to: <D18AA9A14A98E14AA6DBB1091E3F139F026B0B@it-mail1-exh55.yomi.com>
Organization: Draxsen Technologies
References: <D18AA9A14A98E14AA6DBB1091E3F139F026B0B@it-mail1-exh55.yomi.com>

Manner, Jorma wrote:

Sorry, was a bit too wide, maybe now.

Hardware
                                 Machines
   Machine 1 (W2k)               out-of-my-reach     Machine A (W2k)
   -------------------          |------------------| -------------------
   |home_public.ip.no|-internet-|off_pub.ip.no--nat|-| 10.10.x.x       |
   |                 |          |------------------| |                 |
   |10.130.0.1 (cipe)|                               | 10.130.0.2(cipe)|
   |                 |                               -------------------
 --|192.168.0.1      |
 | -------------------
 |
 | Machine 2
 | -------------------
 --| 192.168.0.2     |
 | -------------------
 |
..
 |
 | Machine n
 | -------------------
 --| 192.168.0.n     |
 | -------------------


Configurations


 CIPE VPN Peer Setting (Machine 1)
  LAN IP Setting
  Local IP Address:   192.168.0.1:21012  Local PTP Address: 10.130.0.1
  Peer IP address : off_pub.ip.no:21012   Peer PTP address: 10.130.0.2



 CIPE VPN Peer Setting (Machine A)
  LAN IP Setting
  Local IP Address:      10.10.x.x:21012  Local PTP Address: 10.130.0.2
  Peer IP address : home_pub.ip.no:21012   Peer PTP address: 10.130.0.1



This is NOT working, what should I change ?


Your Local IP Address and Peer IP addresses do not match at either end of the tunnel. So try:


CIPE VPN Peer Setting (Machine 1)
Local IP Address: home_public.ip.no:21012
Peer IP Address: 10.10.x.x:21012

CIPE VPN Peer Setting (Machine A)
Local IP Address: 10.10.x.x:21012
Peer IP Address: home_public.ip.no:21012

PTP addresses look OK. If home_public.ip.no is a dynamic ip address, use one of the mutliple dynamic dns services around such as dyndns.org.
Also, check the usual stuff: double check the static key is IDENTICAL (including NO INVISIBLE characters), firewall rules, etc.


Fil


<< | Thread Index | >> ]    [ << | Date Index | >> ]