If there is no NAT required, you can just open up UDP 500 (ISAKMP) and IP
protocols ESP and AH between 'other fw' and 'm0n01' and you should be
ok. If you have the default LAN rule in place (allow all), then you
just have to worry about the WAN side...otherwise you'll have to put
complementary rules on each interface.
If you do have NAT somewhere, things could get trickier.
Stefan Jakobsson wrote:
> Hi all.
> Need to set up an IPSec tunnel that will pass thru 2 m0n0walls and
> wonder if anyone has done this and has an idea on how I accomplish this.
> This is what I need to do:
> LAN--m0n01---WAN--serverpark--LAN--m0n02--WAN--INET--Other FW
> The WAN IP on m0n01 is a static IP that is not a private range, and
> the LAN and WAN on m0n02 are not private IPs either.
> So basically what I want to do is pass everything thru m0n02 and
> terminate the IPSec tunnel in m0n01. Any pointers on accomplishing this?
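The rule set the reply describes, as an added example that is not part of the thread and not m0n0wall's own filter code: a small pass-rule evaluator with WAN rules for IKE (UDP 500), ESP and AH restricted to the two tunnel endpoints, plus the default allow-all LAN rule. The addresses are constructed placeholders, and the matcher is a simplified model (no state tracking, no rule ordering beyond first match).

```python
from dataclasses import dataclass
from typing import Optional

IKE_PORT = 500  # ISAKMP/IKE runs over UDP port 500
PROTO_ESP, PROTO_AH = "esp", "ah"  # IP protocols 50 and 51; they carry no ports
OTHER_FW = "198.51.100.1"  # constructed placeholder: the remote 'other fw' public IP
M0N01_WAN = "203.0.113.1"  # constructed placeholder: m0n01's static public WAN IP

@dataclass(frozen=True)
class Packet:
    iface: str  # interface the packet enters: "wan" or "lan"
    proto: str  # "udp", "tcp", "esp" or "ah"
    src: str
    dst: str
    dport: Optional[int] = None  # destination port, only meaningful for udp/tcp

@dataclass(frozen=True)
class Rule:
    iface: str
    proto: str  # "any" matches every protocol
    src: str    # "any" or a single address
    dst: str
    dport: Optional[int] = None  # None: any port / not applicable (ESP, AH)

    def matches(self, p: Packet) -> bool:
        return (self.iface == p.iface
                and self.proto in ("any", p.proto)
                and self.src in ("any", p.src)
                and self.dst in ("any", p.dst)
                and (self.dport is None or self.dport == p.dport))

# WAN-side pass rules on m0n01, as the reply recommends: IKE, ESP and AH,
# and only between the two tunnel endpoints. Nothing else is opened.
WAN_RULES = [
    Rule("wan", "udp", OTHER_FW, M0N01_WAN, IKE_PORT),
    Rule("wan", PROTO_ESP, OTHER_FW, M0N01_WAN),
    Rule("wan", PROTO_AH, OTHER_FW, M0N01_WAN),
]
# The default LAN rule (allow all), so no complementary LAN rule is needed;
# with a restricted LAN rule set, matching pass rules would go here instead.
LAN_RULES = [Rule("lan", "any", "any", "any")]
RULESET = WAN_RULES + LAN_RULES

def allowed(p: Packet, rules=RULESET) -> bool:
    """Pass if any rule matches; otherwise the implicit default deny applies."""
    return any(r.matches(p) for r in rules)
```

Note that IKE NAT traversal (UDP 4500) is not opened by these rules, which is the case the reply's NAT caveat points at.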