 From:  "Greg Miller" <gmiller at mainstaydata dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] IPSEC can not access DMZ
 Date:  Tue, 20 Sep 2005 13:48:16 -0400

I did try creating a "supernet" like you say but I did it much broader
(maybe this is where my problem lies?).  I had set up local lan on the
m0n0wall to be 192.168.0.0 and then set up the other side of the tunnel
accordingly.  The tunnel came up but I had no access to the DMZ.

On a somewhat similar note I also have multiple remote locations via ipsec
tunnels and would like to access remote A to remote B  through m0n0Wall at
location C.  Would this same "supernet" work for this as well?

--
Greg Miller
www.mainstaydata.com
o. 616.855.2559
c. 616.890.7813
f.  616.777.0504

-----Original Message-----
From: Kristian Shaw [mailto:monowall at wealdclose dot co dot uk] 
Sent: Tuesday, September 20, 2005 1:45 PM
To: Greg Miller
Subject: Re: [m0n0wall] IPSEC can not access DMZ

Hello,

In my experience with IPSEC you will need to create separate IPSEC tunnels -
you can't add routes for this sort of situation.

It is possible to create two tunnels, one for each subnet (LAN and DMZ). 
Just make sure that everything is the same (encryption methods, shared 
secret etc) apart from the subnets.

Instead of creating two tunnels, you could perhaps supernet the 192.168.5 
and 192.168.6 subnets into one larger subnet, eg. 192.168.4.0 / 
255.255.252.0 (22 bits) which would then cover both your LAN and DMZ ranges 
in one IPSEC entry. Just make sure that both ends agree otherwise the VPN 
won't come up!

Regards,

Kris.

----- Original Message ----- 
From: "Greg Miller" <gmiller at mainstaydata dot com>
To: <m0n0wall at lists dot m0n0 dot ch>
Sent: Tuesday, September 20, 2005 5:27 PM
Subject: RE: [m0n0wall] IPSEC can not access DMZ


> I looked at that section of the documentation and implemented it (I think)
> but it did not work.  How would I have to setup my ipsec tunnels?  Right
> now I have subnet 192.168.123.0 at my remote lan and 192.168.6.0 for my
> local lan and 192.168.5.0 for my dmz.  .123 and .6 can access each other
> fine and .6 can access .5 fine.  What would I have to do?  Create a rule?
> Static route? Both?  Something else?  Thanks.
>
> --
> Greg Miller
> www.mainstaydata.com
> o. 616.855.2559
> c. 616.890.7813
> f.  616.777.0504
>
> -----Original Message-----
> From: Chris Buechler [mailto:cbuechler at gmail dot com]
> Sent: Tuesday, September 20, 2005 12:22 PM
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] IPSEC can not access DMZ
>
> On 9/20/05, Greg Miller <gmiller at mainstaydata dot com> wrote:
>> How do I configure my m0n0wall to allow traffic from an IPSEC tunnel to
>> access my mail server which is in the DMZ?
>
> http://img.m0n0.ch/docbook/faq-ipsec-multiple-subnets.html
>
> -chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
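
The supernet arithmetic from Kris's reply above, as an added example that is not part of the original thread: it computes the smallest block covering the LAN and DMZ, lists what else that block pulls into the tunnel definition, and checks it against the remote subnet. The /24 masks and the /16 candidate are assumptions (the thread gives no masks for them), and the function names are made up for this example.

```python
import ipaddress

def covering_supernet(subnets):
    """Smallest single CIDR block containing every subnet given."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()  # widen the prefix by one bit
    return candidate

def unlisted_space(block, subnets):
    """Ranges inside block that none of the listed subnets accounts for."""
    remaining = [block]
    for n in (ipaddress.ip_network(s) for s in subnets):
        nxt = []
        for r in remaining:
            if n.subnet_of(r):
                nxt.extend(r.address_exclude(n))  # carve n out of r
            elif not r.overlaps(n):
                nxt.append(r)                     # untouched by n
        remaining = nxt
    return sorted(remaining)

def review_selector(local_subnets, remote_subnet, proposed=None):
    """Describe the local network entry a single IPsec tunnel would carry."""
    block = (ipaddress.ip_network(proposed) if proposed
             else covering_supernet(local_subnets))
    return {
        "network": str(block.network_address),
        "netmask": str(block.netmask),
        "prefix": block.prefixlen,
        "covers_all": all(ipaddress.ip_network(s).subnet_of(block)
                          for s in local_subnets),
        "overlaps_remote": block.overlaps(ipaddress.ip_network(remote_subnet)),
        "also_exposed": [str(n) for n in unlisted_space(block, local_subnets)],
    }

# Subnets named in the thread; the /24 masks are assumed.
LOCAL = ["192.168.5.0/24", "192.168.6.0/24"]   # DMZ and LAN
REMOTE = "192.168.123.0/24"                    # remote LAN

if __name__ == "__main__":
    print(review_selector(LOCAL, REMOTE))
    # Constructed broader candidate (assumed /16) for comparison.
    wide = review_selector(LOCAL, REMOTE, "192.168.0.0/16")
    print(wide["prefix"], wide["overlaps_remote"], len(wide["also_exposed"]))
```

Whatever network and mask the check settles on has to be entered identically as the remote subnet on the far end, and firewall rules still decide which of the extra ranges inside the block are reachable.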