[SunHELP] encrypted tunnel between two sunscreens

Stefan sellmer S_At_work at gmx.net
Tue Nov 11 07:31:33 CST 2003


Hello, I have problems with the "encrypted action" between sunipsec and
poseidon.
For an image of the network I am talking about, please have a look at the
attached JPEG.

If I sniff the network, I only get ISAKMP main mode packets up to the
informational packet, but no phase 2 and no ESP packets were captured.
Here are the settings:

************ON SUNIPSEC**************************
edit> list rules
1 "icmp all" "hades" "saturn" IPSEC ESP("3DES", "MD5") IKE("3DES", "MD5", 1,
RSA-SIGNATURES, "sunipsec", "poseidon") SOURCE_SCREEN "sunipsec"
DESTINATION_SCREEN "poseidon" ALLOW
2 "icmp all" "saturn" "hades" IPSEC ESP("3DES", "MD5") IKE("3DES", "MD5", 1,
RSA-SIGNATURES, "sunipsec", "poseidon") SOURCE_SCREEN "sunipsec"
DESTINATION_SCREEN "poseidon" ALLOW
3 "*" "*" "*" ALLOW
edit> 

edit> list certificate
"IKE manually verified certificates" GROUP { "poseidon" } { } COMMENT
"RESERVED: list of verified/trusted certificates"
"IKE root CA certificates" GROUP { } { } COMMENT "RESERVED: list of root CA
certificates"
"poseidon" SINGLE IKE "SUBJECT=CN=poseidon" LOCAL "sunipsec" COMMENT
"poseidon"
"sunipsec" SINGLE IKE "SUBJECT=CN=sunipsec" LOCAL "sunipsec" COMMENT
"sunipsec"
edit> 



edit> list addresses
"hades" RANGE 139.24.207.0 - 139.24.207.255 COMMENT "hades"
"hme0.net" RANGE 139.23.0.0 - 139.23.255.255
"hme1.net" RANGE 139.24.0.0 - 139.24.255.255
"poseidon" HOST 139.23.207.28 COMMENT "poseidon"
"saturn" RANGE 139.25.207.0 - 139.25.207.255 COMMENT "saturn"
"sunipsec_hme0" GROUP { } { }
"sunipsec_hme1" GROUP { } { }
edit> 


edit> list screen
"poseidon" CDP RIP NIS COMMENT "poseidon"
"sunipsec" CDP DNS NIS
edit> 


*****************ON POSEIDON**********************


edit> list rules
1 "icmp all" "hades" "saturn" IPSEC ESP("3DES", "MD5") IKE("3DES", "MD5", 1,
RSA-SIGNATURES, "poseidon", "sunipsec") SOURCE_SCREEN "Poseidon"
DESTINATION_SCREEN "sunipsec" ALLOW
2 "icmp all" "saturn" "hades" IPSEC ESP("3DES", "MD5") IKE("3DES", "MD5", 1,
RSA-SIGNATURES, "poseidon", "sunipsec") SOURCE_SCREEN "Poseidon"
DESTINATION_SCREEN "sunipsec" ALLOW
3 "*" "*" "*" ALLOW
edit> 




edit> list certificate
"1" GROUP { "sunipsec" "poseidon" } { } COMMENT "1"
"IKE manually verified certificates" GROUP { "sunipsec" } { } COMMENT
"RESERVED: list of verified/trusted certificates"
"IKE root CA certificates" GROUP { } { } COMMENT "RESERVED: list of root CA
certificates"
"poseidon" SINGLE IKE "SUBJECT=CN=poseidon" LOCAL "Poseidon" COMMENT
"poseidon"
"sunipsec" SINGLE IKE "SUBJECT=CN=sunipsec" LOCAL "Poseidon" COMMENT
"sunipsec"
edit> 



edit> list addresses
"hades" RANGE 139.24.207.0 - 139.24.207.255 COMMENT "hades"
"hme0.net" RANGE 139.23.0.0 - 139.23.255.255
"Poseidon_hme0" GROUP { } { }
"saturn" RANGE 139.25.207.0 - 139.25.207.255 COMMENT "saturn"
"sunipsec" HOST 139.23.207.30 COMMENT "sunipsec"
edit> 

edit> list screen
"Poseidon" CDP DNS NIS
"sunipsec" CDP RIP NIS COMMENT "sunipsec"
edit> 


[demime 1.01d removed an attachment of type image/pjpeg which had a name of nette_zeichnung.JPG]
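The capture symptom described in the post (Main Mode packets, then an Informational packet, no Quick Mode) can be confirmed from the fixed 28-byte ISAKMP header alone. The following is an added example, not part of the original post: the function names and the sample packets are constructed for illustration, and the exchange type values are the ones defined in RFC 2408 and RFC 2409.

```python
import struct

# Exchange type values from RFC 2408 (ISAKMP) and RFC 2409 (IKE).
EXCHANGE_TYPES = {1: "Base", 2: "Main Mode", 3: "Authentication Only",
                  4: "Aggressive Mode", 5: "Informational",
                  32: "Quick Mode", 33: "New Group Mode"}
# initiator cookie, responder cookie, next payload, version,
# exchange type, flags, message ID, total length
HEADER = struct.Struct("!8s8sBBBBII")


def parse_isakmp_header(payload):
    """Decode the fixed ISAKMP header from one UDP/500 payload."""
    if len(payload) < HEADER.size:
        raise ValueError("truncated ISAKMP header")
    icky, rcky, _next, _ver, xchg, flags, msg_id, length = HEADER.unpack_from(payload)
    return {"initiator_cookie": icky.hex(), "responder_cookie": rcky.hex(),
            "exchange_type": xchg,
            "exchange": EXCHANGE_TYPES.get(xchg, "unknown(%d)" % xchg),
            "encrypted": bool(flags & 0x01),  # body after the header is encrypted
            "message_id": msg_id, "length": length}


def summarize(payloads):
    """Report how far the IKE negotiation got in one capture."""
    headers = [parse_isakmp_header(p) for p in payloads]
    types = [h["exchange_type"] for h in headers]
    main_mode = types.count(2)
    if 32 in types:
        state = "phase 2 started"
    elif 5 in types and main_mode:
        state = "%d Main Mode packets, then Informational, no Quick Mode" % main_mode
    elif main_mode:
        state = "phase 1 only, no Informational and no Quick Mode"
    else:
        state = "no IKE negotiation seen"
    return state, headers


def build(xchg, flags=0, msg_id=0, body=b""):
    """Constructed sample packet: fixed cookies, version 1.0, opaque body."""
    return HEADER.pack(b"\x11" * 8, b"\x22" * 8, 0, 0x10, xchg, flags,
                       msg_id, HEADER.size + len(body)) + body


# Constructed capture resembling the symptom in the post.
SAMPLE = [build(2)] * 4 + [build(2, flags=1),
                           build(5, flags=1, msg_id=0x1234ABCD, body=b"\x00" * 40)]

if __name__ == "__main__":
    print(summarize(SAMPLE)[0])
```

If the Informational packet has the encryption flag set, its Notify or Delete payload cannot be read from the capture, so the reason has to come from the IKE logs on the screens.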


