Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Is it possible to specify local VPN gateway IP address in IPsec tunnel mode?? (issue with WAN interface that have multiple IP address)
  •  
ajamali

Messages: 100
Karma: 1
Send a private message to this user
Is it possible to specify local VPN gateway IP address in IPsec tunnel mode??

I have issue with WAN interface that have multiple IP address

the problem is IPsec is sending traffic from XXX.XXX.XXX.4 instead of XXX.XXX.XXX.1

i.e. attached below WAN IP Addresses

WAN IP Address : XXX.XXX.XXX.1
Additional IP Address: XXX.XXX.XXX.2
Additional IP Address: XXX.XXX.XXX.3
Additional IP Address: XXX.XXX.XXX.4

  •  
ajamali

Messages: 100
Karma: 1
Send a private message to this user
Could someone please help me!!!!

28 IPsec Tunnels created in Kcontrol and 150 users in remote branche are complain

I don't want to back to my previous solution
I want use IPsec feature in Kcontrol
  •  
rjokl

Messages: 64
Karma: 7
Send a private message to this user
I don't understand your problem. Could you please describe it better?
  •  
silars

Messages: 428
Karma: 59
Send a private message to this user
His interface has 4 IP addresses. The VPN tunnel is using the wrong IP to source traffic. He would like to be able to tell the VPN server which IP to use of the 4 options.

I'm not seeing a way to fix his problem.
  •  
ajamali

Messages: 100
Karma: 1
Send a private message to this user
silars wrote on Wed, 08 May 2013 03:11
His interface has 4 IP addresses. The VPN tunnel is using the wrong IP to source traffic. He would like to be able to tell the VPN server which IP to use of the 4 options.

I'm not seeing a way to fix his problem.


Eaxactly, the workaround is to add the follwoing rule in Traffic Policy

Souurce: Firewall
Destenations: Remote Branches IP Addresses
Services: IKE, IPsec NAT-T
Acction: Allow
Travslation: NAT (XXX.XXX.XXX.1)
  •  
ajamali

Messages: 100
Karma: 1
Send a private message to this user
but i have another problem now

all the Tunnel is up, sometimes and randomly one of tunnel stop sending traffic

disable and re-enable that tunnel fix the problem

attached below debug log

[08/May/2013 09:34:30] {IPsec} TunnelsList|thread: Tunnel '14-xxxxxxxx' should be up.
[08/May/2013 09:34:30] {IPsec} TunnelsList|thread: One of '14-xxxxxxxx' subtunnels is up, giving up to dial others after 5 retransmits.
[08/May/2013 09:34:30] {IPsec} TunnelsList|thread: Going to sleep for 36s.
[08/May/2013 09:35:07] {IPsec} TunnelsList|thread: Going to sleep for 60s.
[08/May/2013 09:35:32] {charon} charon: 02[IKE] sending keep alive to xxx.xxx.15.216[4500]
[08/May/2013 09:36:07] {IPsec} TunnelsList|thread: Going to sleep for 60s.
[08/May/2013 09:36:12] {charon} charon: 05[IKE] sending keep alive to xxx.xxx.15.216[4500]
[08/May/2013 09:37:07] {IPsec} TunnelsList|thread: Going to sleep for 60s.
[08/May/2013 09:38:07] {IPsec} TunnelsList|thread: Going to sleep for 60s.
[08/May/2013 09:38:24] {charon} charon: 12[IKE] sending keep alive to xxx.xxx.15.216[4500]
[08/May/2013 09:39:07] {IPsec} TunnelsList|thread: Going to sleep for 60s.
[08/May/2013 09:39:12] {charon} charon: 07[IKE] sending keep alive to xxx.xxx.15.216[4500]
[08/May/2013 09:40:07] {IPsec} TunnelsList|thread: Going to sleep for 60s.
[08/May/2013 09:41:07] {IPsec} TunnelsList|thread: Going to sleep for 60s.
[08/May/2013 09:42:07] {IPsec} TunnelsList|thread: Going to sleep for 60s.
[08/May/2013 09:43:07] {IPsec} TunnelsList|thread: Going to sleep for 60s.
[08/May/2013 09:44:07] {IPsec} TunnelsList|thread: Going to sleep for 60s.
[08/May/2013 09:45:07] {IPsec} TunnelsList|thread: Going to sleep for 60s.
[08/May/2013 09:46:07] {IPsec} TunnelsList|thread: Going to sleep for 60s.
[08/May/2013 09:47:07] {IPsec} TunnelsList|thread: Going to sleep for 60s.
[08/May/2013 09:48:07] {IPsec} TunnelsList|thread: Going to sleep for 60s.
[08/May/2013 09:49:07] {IPsec} TunnelsList|thread: Going to sleep for 60s.
[08/May/2013 09:50:07] {IPsec} TunnelsList|thread: Going to sleep for 60s.
[08/May/2013 09:51:07] {IPsec} TunnelsList|thread: Going to sleep for 60s.
[08/May/2013 09:52:07] {IPsec} TunnelsList|thread: Going to sleep for 60s.
[08/May/2013 09:53:07] {IPsec} TunnelsList|thread: Going to sleep for 60s.
[08/May/2013 09:54:07] {IPsec} TunnelsList|thread: Going to sleep for 60s.
[08/May/2013 09:55:07] {IPsec} TunnelsList|thread: Going to sleep for 60s.
[08/May/2013 09:56:07] {IPsec} TunnelsList|thread: Going to sleep for 60s.
[08/May/2013 09:57:07] {IPsec} TunnelsList|thread: Going to sleep for 60s.
[08/May/2013 09:58:07] {IPsec} TunnelsList|thread: Going to sleep for 60s.
[08/May/2013 09:59:07] {IPsec} TunnelsList|thread: Going to sleep for 60s.
[08/May/2013 10:00:07] {IPsec} TunnelsList|thread: Going to sleep for 60s.
[08/May/2013 10:01:07] {IPsec} TunnelsList|thread: Going to sleep for 60s.

its happen once or twice everyday
  •  
spetit

Messages: 7
Karma: 0
Send a private message to this user
hi
do you ve a solution
i got the same issue
Previous Topic: Traffic with Apple Notification Service
Next Topic: Active Directory
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue May 23 22:38:58 CEST 2017

Total time taken to generate the page: 0.00821 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.