> On Apr 7, 2005 9:35 AM, Damian <druiz at rochman dot net> wrote:
> > The Ciscos have the function of linking the 10.1.3 and 10.1.4 (two
> > locations ahead a mile) and we don't want to touch anything in this
> > equipment. (first rule: don't touch if they rules)
> > The m0n0s have the function of lan control of the wifi equipment, and the
> > question is because I tried without luck to make a connection between all
> > lans (from laptop in 10.1.1 to fileserver in 10.1.4 and vice versa from
> > laptop in 10.1.2 to another fileserver in 10.1.3)
> > The primary reason for choosing the tunnel link is to not touch the Ciscos.
> Solid reasoning. You should be able to route across though,
> assuming everything along the line has all the appropriate
> routes. (the Ciscos would need to know about both the
> networks behind m0n0wall in their routing tables) That's
> probably the easiest thing to do. If you can't hit one of
> them from the other side, setting up a VPN tunnel will be
> even more frustrating.
Both m0n0s are reachable from each other, and for my Ciscos it is normal not
to know about any routes other than their own minimal ones.
> Set up firewall rules on the WAN of both m0n0walls to permit
> ICMP and ping from one m0n0wall to the other in both
> directions. If that doesn't work, your Ciscos are likely
> missing routes.
> Oh, and in this situation you'll likely want to enable
> advanced outbound NAT so m0n0wall just routes since you have
> no need for NAT in this scenario.
From the IPsec viewpoint, are there any differences between using the WAN ifs
or the opt1 ifs?
So, if I set up a tunnel between the two opt1 interfaces (terminating on
them), between the two wireless networks (10.1.2 and 10.1.3), and default gw
on the laptops to the other networks, could I get the desired effect of
interconnecting all networks?
In this manner, as far as I know, the laptops will connect to any host in
any network because the m0n0s know every network they have attached to they