 From:  "David Kitchens" <spider at webweaver dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  VPN pass thru
 Date:  Mon, 9 May 2005 13:38:58 -0400
Ok gang, here is my situation, bad ASCII art included, lol
Client has new fractional t1 to replace dsl circuit in MI office. There is
an office in IL as well running a satellite connection. Before they got the
frac t1, the MI office connection came in the dsl, pppoe, and lan side of
that router was 192.168.3.254 which was plugged into a Cisco 1711 Lan
interface. The IL office has another Cisco 1711 with static IP on WAN. There
is a VLAN setup on both Ciscos that runs a VPN between the offices. The only
thing I have done is to replace the dsl router with a m0n0wall on the new
frac t1 with a static WAN IP. I gave the LAN on m0n0 the same 3.254 address.
I know that the IL cisco needs to be reconfigured with the new ip address of
the frac t1 and there is a tech heading there now to do that for me. I have
set up a m0n0wall ipsec vpn between the MI office and my home m0n0wall but I
cannot access their internal network, I can only get to the monowall gui. I
do have both cisco configs exported if they will be needed by someone to
help. I am not a cisco pro, I can manage them fine and understand most of
them but I am far from fluent with IOS. Both units run IOS 12.3. Initial
question is what ports need forwarded to allow the vpn to function thru
m0n0wall? Bad ASCII art next...
 
       Illinois Cisco  -  internet  -  M0n0wall       -  Michigan Cisco
WAN    209.x.x.85                      69.x.x.98         192.169..3.1
LAN    192.168.1.1                     192.186.3.254     192.168.2.254
 
Do I need static route in m0n0wall to the 192.168.2.x network? I cannot
connect to their W2K server via terminal session from my home as my vpn is
to the 3.x network, my network is 192.168.15.x. This is entirely different
problem but one I found this morning. I really need to first get the VPN
open thru m0n0wall so the 1.x and 2.x networks can see each other. The DHCP
is run in IL on the cisco and in MI it's on the W2K server for what that's
worth. The client ultimately would like to have vpn ability from laptops for
their sales people when they are on the road. I hoped to do that on m0n0wall
but since my vpn can't see the 2.x network I assume those later vpns will
need to be configured on the cisco? Ugh! 
 
Dave