27th October 2010
bitfrost
Problems with IPSEC and Dynamic GW Roadwarrior

Hi, I have the following network diagram


                              PRIVATE IP
                              172.0.0.0/8
[ NOKIA E71 PHONE 1 ]------------  RANDOM PUBLIC IP 200.25.64/26  (          )                STATIC IP PUBLIC IP [190.10.9.8]                 172.16.20.0/24
                              --[ 3G ISP ]------------------------( Internet )-------------------[ VPN-Gateway / FIREWALL ]------------------------[HOSTS]
[ NOKIA E71 PHONE 2 ]-----------                                  (          )


The phone gets connected, and my routes show this every time a phone connects:

Encap:
Source             Port  Destination        Port  Proto  SA(Address/Proto/Type/Direction)
172.27.141.167/32  0     default            0     0      200.25.197.117/esp/use/in
default            0     172.27.141.167/32  0     0      200.25.197.117/esp/require/out
172.28.28.14/32    0     default            0     0      200.25.197.121/esp/use/in
default            0     172.28.28.14/32    0     0      200.25.197.121/esp/require/out
172.28.43.174/32   0     default            0     0      200.25.197.107/esp/use/in
default            0     172.28.43.174/32   0     0      200.25.197.107/esp/require/out
172.31.55.203/32   0     default            0     0      200.25.197.89/esp/use/in
default            0     172.31.55.203/32   0     0      200.25.197.89/esp/require/out
172.31.33.42/32    0     default            0     0      200.25.197.94/esp/use/in
default            0     172.31.33.42/32    0     0      200.25.197.94/esp/require/out
172.31.126.146/32  0     default            0     0      200.25.197.109/esp/use/in
default            0     172.31.126.146/32  0     0      200.25.197.109/esp/require/out


But my roadwarrior (the phone) changes GW every time it connects (random 200.25.64/26), as you can see here. I need a bi-nat for the sad case that it hits the same IP 172.16.20.0/24 some day. Don't blame me for the IP addressing.

Here is my ipsec.conf

ike passive from any to any \
	main auth hmac-sha1 enc aes group modp1024 \
	quick auth hmac-sha1 enc aes \
	psk x6f1d59e544ffccd5d48cf8f9199cd7af4005535


Any help will be greatly appreciated.

Greetings