 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Ipsec between two opt1 lans
 Date:  Thu, 7 Apr 2005 16:04:17 -0400
On Apr 7, 2005 9:35 AM, Damian <druiz at rochman dot net> wrote:
> The Ciscos have the function of linking 10.1.3 and 10.1.4 (two locations
> a mile away) and we don't want to touch anything in that equipment. (first
> rule: don't touch them if they work)
> The m0n0s have the function of LAN control of the WiFi equipment, and the
> question arises because I tried without luck to make a connection between all
> the LANs (from a laptop in 10.1.1 to a fileserver in 10.1.4, and vice versa from
> a laptop in 10.1.2 to another fileserver in 10.1.3).
> The primary reason for choosing the tunnel link is to not touch the Ciscos.

Solid reasoning.  You should be able to route across, though, assuming
everything along the line has all the appropriate routes (the Ciscos
would need to know about both networks behind m0n0wall in their
routing tables).  That's probably the easiest thing to do.  If you
can't hit one of them from the other side, setting up a VPN tunnel
will be even more frustrating.

Set up firewall rules on the WAN of both m0n0walls to permit ICMP and
ping from one m0n0wall to the other in both directions.  If that
doesn't work, your Ciscos are likely missing routes.

Oh, and in this situation you'll likely want to enable advanced
outbound NAT so m0n0wall just routes, since you have no need for NAT in
this scenario.
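Added example, not part of the thread or of m0n0wall itself: a small longest-prefix-match route walk over the four routers the thread describes. It shows why "everything along the line has all the appropriate routes" matters for a plain routed setup, why a ping needs a route in both directions (the echo reply from the fileserver is dropped at the Cisco that has no route back to 10.1.1.0/24), and why leaving m0n0wall's default outbound NAT on hides that missing route without fixing it. The topology, the WAN addresses 10.1.3.2 / 10.1.4.2, the 192.0.2.0/30 inter-Cisco link, host addresses and default gateways are all assumptions constructed for the example.

```python
import ipaddress

# Constructed topology inferred from the thread's subnets; every address and
# link network below is an assumption made for this example.
#
#   laptop 10.1.1.10 --[LAN] m0n0wall1 [WAN 10.1.3.2]-- 10.1.3.0/24 --[10.1.3.1] ciscoA
#                                                                          |  192.0.2.0/30 (assumed inter-Cisco link)
#   fileserver 10.1.4.5 -- 10.1.4.0/24 --[10.1.4.1] ciscoB --[WAN 10.1.4.2] m0n0wall2 [LAN]-- laptop 10.1.2.20
#
# Routing tables: prefix -> next-hop router name, or None when the prefix is
# directly connected (the packet is delivered there).  The Ciscos know nothing
# about 10.1.1.0/24 and 10.1.2.0/24, which is the situation the thread describes.
ROUTERS = {
    "m0n0wall1": {"10.1.1.0/24": None, "10.1.3.0/24": None, "0.0.0.0/0": "ciscoA"},
    "ciscoA":    {"10.1.3.0/24": None, "192.0.2.0/30": None, "10.1.4.0/24": "ciscoB"},
    "ciscoB":    {"10.1.4.0/24": None, "192.0.2.0/30": None, "10.1.3.0/24": "ciscoA"},
    "m0n0wall2": {"10.1.2.0/24": None, "10.1.4.0/24": None, "0.0.0.0/0": "ciscoB"},
}

# Assumed default gateway of hosts on each subnet: the router that sees a
# host's packet first.
FIRST_HOP = {
    "10.1.1.0/24": "m0n0wall1",
    "10.1.2.0/24": "m0n0wall2",
    "10.1.3.0/24": "ciscoA",
    "10.1.4.0/24": "ciscoB",
}

# Assumed WAN addresses, used when a m0n0wall is left NATing everything out
# of its WAN interface (the default before advanced outbound NAT is enabled).
WAN_ADDR = {"m0n0wall1": "10.1.3.2", "m0n0wall2": "10.1.4.2"}


def lookup(table, dst_ip):
    """Longest-prefix match: return (network, next_hop) or None if no route."""
    best = None
    for prefix, next_hop in table.items():
        net = ipaddress.ip_network(prefix)
        if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best


def first_hop_for(src):
    src_ip = ipaddress.ip_address(src)
    for prefix, router in FIRST_HOP.items():
        if src_ip in ipaddress.ip_network(prefix):
            return router
    raise ValueError(f"no gateway known for {src}")


def trace(routers, src, dst, max_hops=16):
    """Walk a packet hop by hop.  Returns (path, dropped_at): the routers
    traversed, and the router that had no route (None when delivered)."""
    dst_ip = ipaddress.ip_address(dst)
    router = first_hop_for(src)
    path = []
    for _ in range(max_hops):
        path.append(router)
        hit = lookup(routers[router], dst_ip)
        if hit is None:
            return path, router          # no route here: packet dropped
        _net, next_hop = hit
        if next_hop is None:
            return path, None            # directly connected: delivered
        router = next_hop
    return path, router                  # hop limit exceeded: routing loop


def ping_works(routers, src, dst, nat=False):
    """A ping needs both directions to route: the echo request src->dst and the
    echo reply dst->src.  With nat=True the request leaves a m0n0wall with its
    WAN address as source, so the reply is addressed to that WAN address and the
    m0n0wall state table un-NATs it; the far side never needs a route to the LAN."""
    req_path, req_drop = trace(routers, src, dst)
    reply_dst = src
    first = first_hop_for(src)
    if nat and first in WAN_ADDR:
        reply_dst = WAN_ADDR[first]
    rep_path, rep_drop = trace(routers, dst, reply_dst)
    ok = req_drop is None and rep_drop is None
    return ok, {"request": (req_path, req_drop), "reply": (rep_path, rep_drop)}


def with_cisco_routes(routers):
    """The fix the reply suggests: give both Ciscos routes to the networks
    behind each m0n0wall (static routes on the Ciscos, assumed next hops)."""
    fixed = {name: dict(table) for name, table in routers.items()}
    fixed["ciscoA"]["10.1.1.0/24"] = "m0n0wall1"   # via 10.1.3.2
    fixed["ciscoA"]["10.1.2.0/24"] = "ciscoB"
    fixed["ciscoB"]["10.1.2.0/24"] = "m0n0wall2"   # via 10.1.4.2
    fixed["ciscoB"]["10.1.1.0/24"] = "ciscoA"
    return fixed


if __name__ == "__main__":
    cases = [("10.1.1.10", "10.1.4.5"), ("10.1.4.5", "10.1.1.10"), ("10.1.2.20", "10.1.3.5")]
    for label, tables, nat in [("as-is, NAT on", ROUTERS, True),
                               ("as-is, NAT off", ROUTERS, False),
                               ("Cisco routes added, NAT off", with_cisco_routes(ROUTERS), False)]:
        for a, b in cases:
            ok, detail = ping_works(tables, a, b, nat=nat)
            print(f"{label}: {a} -> {b}: {'OK' if ok else 'FAIL'} {detail}")
```

With NAT left on, the laptop's ping to the fileserver succeeds because the reply only has to reach 10.1.3.2, which the Ciscos already know; the fileserver's ping to the laptop still fails at ciscoB, which is the symptom of missing routes rather than of a firewall rule. Once the Ciscos carry routes for 10.1.1.0/24 and 10.1.2.0/24, all three pairs route in both directions with NAT off, which is the state in which a VPN tunnel is no longer needed.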