VPN scenario with three firewalls



  • Hi all,

    One question about the following scenario:
    ssg1 (1.1.1.1) -> internet -> (2.2.2.2) ssg2 (192.168.1.1) -> (192.168.1.2) ssg3

    I want to configure a site-to-site VPN between ssg1 and ssg3 through ssg2.
    If I use the IP 2.2.2.2 on ssg3 without ssg2, the VPN works.
    How do I have to configure ssg2 for throughput?
    I configured a MIP on ssg2 (2.2.2.2 mapped to 192.168.1.2). The policy allows IPsec. It seems that the tunnel (ssg1 - ssg3) bounces between up and down.
    What am I doing wrong?

    Kind regards & Thanks



  • This was my second thought. But with IKE and IPSec the tunnel is still bouncing. With any service in the policy the tunnel seems to be stable. Do I need any other protocol?



  • You need to allow IPsec and IKE in the policy, because the first part of creating a VPN is phase 1, which starts the IKE process; then phase 2 creates the IPsec tunnel.

    Also, what does the log show on the remote end?


 
