RE: IPSEC tunnel issue..

From: Brent Wiese (brently_at_bjwcs.com)
Date: 10/29/03

    To: "'Micheal Patterson'" <micheal@tsgincorporated.com>, <freebsd-questions@freebsd.org>
    Date: Tue, 28 Oct 2003 16:25:48 -0700
    
    

    > Here's my situation.
    >
    > I've got 2 networks at different facilities that are using public
    > routable IPs. Each end has a fbsd box in bridge mode as their firewall
    > between the lan and the cisco routers at each end. I've been tasked to
    > establish a secure tunnel between these two networks and I'm having
    > some trouble. I've searched google for ipsec information on this but
    > everything that I have found depicts a private lan behind the public
    > ip's of the tunnel endpoints. Has anyone been able to establish this
    > type of tunnel successfully? If so, can you please direct me to some
    > information on this?

    So if I understand correctly, you're running the FreeBSD firewall in
    "transparent" mode? Hosts behind the firewall use public addresses on the
    same subnet as the firewall public?

    I think you may need to switch to NAT mode so you're running a
    non-net-routeable (private) LAN. You can always stack more public IPs on the
    firewall and port forward.

    Or, if you run a routing daemon and have all your hosts point to it as the
    default gateway, build the tunnel and route anything that isn't through the
    tunnel at your real gateway.

    Or, build the tunnel and add routes to all the hosts specifying the FreeBSD
    box as the gateway for the remote network. This can be a pain to admin long
    term, but if, for instance, you run a Windows domain, you can run a "route
    add" batch file when users log into the network.

    Brent

    _______________________________________________
    freebsd-questions@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
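As an added example (not from the thread), a FreeBSD setkey.conf security policy for the routed variant Brent describes: tunnel-mode ESP between the two public subnets, with RFC 5737 documentation addresses standing in for the real ones. The SPD selectors are just address ranges, so nothing requires the LAN behind either endpoint to be private; what does matter is that the FreeBSD box routes (rather than bridges) the traffic so the policy is consulted.

```conf
# Added example, not from the thread. Constructed addresses:
#   Site A LAN 203.0.113.0/24, FreeBSD gateway 203.0.113.1
#   Site B LAN 198.51.100.0/24, FreeBSD gateway 198.51.100.1
# This is the policy for the site A box; swap the two subnets and
# endpoints for the site B box. Key exchange (e.g. racoon) or manual
# "add" SA entries are configured separately from this SPD.
flush;
spdflush;

# Outbound: traffic from our public LAN to the remote public LAN must be
# encapsulated in an ESP tunnel between the two gateways.
spdadd 203.0.113.0/24 198.51.100.0/24 any -P out ipsec
    esp/tunnel/203.0.113.1-198.51.100.1/require;

# Inbound: traffic claiming to come from the remote LAN is only accepted
# if it arrived inside that tunnel, so spoofed cleartext is dropped.
spdadd 198.51.100.0/24 203.0.113.0/24 any -P in ipsec
    esp/tunnel/198.51.100.1-203.0.113.1/require;
```

For Brent's third option the hosts on site A still need a route for the remote subnet via the FreeBSD box, e.g. `route add 198.51.100.0 mask 255.255.255.0 203.0.113.1` on Windows; without it their packets go to the Cisco router in the clear.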

