 From:  "Kristian Shaw" <monowall at wealdclose dot co dot uk>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] IPSEC can not access DMZ
 Date:  Tue, 20 Sep 2005 18:48:24 +0100
Hello,

In my experience with IPSEC you will need to create separate IPSEC tunnels -
you can't add routes for this sort of situation.

It is possible to create two tunnels, one for each subnet (LAN and DMZ).
Just make sure that everything is the same (encryption methods, shared
secret etc) apart from the subnets.

Instead of creating two tunnels, you could perhaps supernet the 192.168.5
and 192.168.6 subnets into one larger subnet, e.g. 192.168.4.0 /
255.255.252.0 (22 bits) which would then cover both your LAN and DMZ ranges
in one IPSEC entry. Just make sure that both ends agree, otherwise the VPN
won't come up!

Regards,

Kris.

----- Original Message ----- 
From: "Greg Miller" <gmiller at mainstaydata dot com>
To: <m0n0wall at lists dot m0n0 dot ch>
Sent: Tuesday, September 20, 2005 5:27 PM
Subject: RE: [m0n0wall] IPSEC can not access DMZ


> I looked at that section of the documentation and implemented it (I think)
> but it did not work.  How would I have to set up my ipsec tunnels?  Right now
> I have subnet 192.168.123.0 at my remote lan and 192.168.6.0 for my local
> lan and 192.168.5.0 for my dmz.  .123 and .6 can access each other fine and
> .6 can access .5 fine.  What would I have to do?  Create a rule?  Static
> route? Both?  Something else?  Thanks.
>
> --
> Greg Miller
> www.mainstaydata.com
> o. 616.855.2559
> c. 616.890.7813
> f.  616.777.0504
>
> -----Original Message-----
> From: Chris Buechler [mailto:cbuechler at gmail dot com]
> Sent: Tuesday, September 20, 2005 12:22 PM
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] IPSEC can not access DMZ
>
> On 9/20/05, Greg Miller <gmiller at mainstaydata dot com> wrote:
>> How do I configure my m0n0wall to allow traffic from an IPSEC tunnel to
>> access my mail server which is in the DMZ?
>
> http://img.m0n0.ch/docbook/faq-ipsec-multiple-subnets.html
>
> -chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
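
The supernet suggestion in the reply above, worked through as an added example that is not part of the original thread: it derives the single network covering the LAN and DMZ, lists what else that network covers, and checks that the two ends' subnet pairs mirror each other. The /24 masks on 192.168.5.0, 192.168.6.0 and 192.168.123.0 are assumptions (the thread gives no masks), and the function names are hypothetical.

```python
import ipaddress

def covering_supernet(subnets):
    """Smallest single network that contains every subnet given."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()  # widen by one prefix bit
    return candidate

def extra_coverage(supernet, subnets):
    """Ranges inside the supernet that belong to none of the intended subnets."""
    remaining = [ipaddress.ip_network(supernet)]
    for s in map(ipaddress.ip_network, subnets):
        kept = []
        for r in remaining:
            if s.subnet_of(r):
                kept.extend(r.address_exclude(s))  # carve s out of r
            elif not r.subnet_of(s):
                kept.append(r)                     # untouched by s
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))

def selectors_agree(end_a, end_b):
    """Each end is (local_subnet, remote_subnet); B must be the mirror of A."""
    a_local, a_remote = map(ipaddress.ip_network, end_a)
    b_local, b_remote = map(ipaddress.ip_network, end_b)
    return a_local == b_remote and a_remote == b_local

if __name__ == "__main__":
    wanted = ["192.168.5.0/24", "192.168.6.0/24"]   # DMZ and LAN, /24 assumed
    remote_lan = "192.168.123.0/24"                 # /24 assumed
    net = covering_supernet(wanted)
    print("tunnel subnet:", net, "netmask", net.netmask)
    print("also covered :", [str(n) for n in extra_coverage(net, wanted)])
    # Remote end updated to the /22 versus left on the old LAN-only /24
    print("ends agree   :", selectors_agree((str(net), remote_lan),
                                            (remote_lan, "192.168.4.0/255.255.252.0")))
    print("ends agree   :", selectors_agree((str(net), remote_lan),
                                            (remote_lan, "192.168.6.0/24")))
```

The second list shows that the /22 entry also matches 192.168.4.0/24 and 192.168.7.0/24, which the two-tunnel option does not.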