Re: [m0n0wall] IPSec thru 2 M0n0walls?

From:	Robert Rich <rrich at gstisecurity dot com>
To:	Stefan Jakobsson <stefanj at eastpoint dot se>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] IPSec thru 2 M0n0walls?
Date:	Sat, 01 Jan 2005 09:06:13 -0500

If there is no NAT required, you can just open up UDP500 (ISAKMP) and IP 
protocols ESP and AH between 'other fw' and 'm0n01' and you should be 
ok.  If you have the default LAN rule in place (allow all), then you 
just have to worry about the WAN side...otherwise you'll have to put 
complementary rules on each interface.

If you do have NAT somewhere, things could get trickier.

Stefan Jakobsson wrote:

> Hi all.
>
> Need to set up an IPSec tunnel that will pass thru 2 m0n0walls and 
> wonder if anyone has done this and have an idea on how I accomlish this.
>
> This is what I need to do:
>
> LAN--m0n01---WAN--serverpark--LAN--m0n02--WAN--INET--Other FW
>
> The WAN IP on m0n01 is a static IP that is not a private range, and 
> the lan and wan on m0n02 is not private IP's either.
>
> So basicly what I want to do is pass everything thru m0n02 and 
> terminate the IPSec tunnel in m0n01. Any pointers on accomplishing this?
>