 From:  "Kristian Shaw" <monowall at wealdclose dot co dot uk>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] IPSec VPN Question
 Date:  Tue, 18 Oct 2005 18:18:06 +0100

Hello,

You will need to create another IPSEC tunnel with the range of the DMZ IPs 
if you want to access them via VPN.

At the moment I guess you have a VPN that covers 192.168.37.0 <-> 
192.168.1.0

Create another VPN with the same parameters (same shared secret, phase 1, 
phase 2 etc) but use the 192.168.37.0 <-> 10.0.0.0 IP ranges.

This topic has been covered before so you may find what you need in the 
archives.

Regards,

Kris.

----- Original Message ----- 
From: "Jason King" <jking at informs dot com>
Cc: <m0n0wall at lists dot m0n0 dot ch>
Sent: Tuesday, October 18, 2005 1:43 PM
Subject: Re: [m0n0wall] IPSec VPN Question


> Man, that diagram did NOT come out like I had hoped it would. But you
> get the idea.
>
> Jason
>
> Jason King wrote:
>
>> Here is an interesting scenario for the list. I have a remote user
>> that needs to connect to our home offices via IPSec VPN. We can get
>> the tunnel working just fine and the endpoint lands in the LAN section
>> of the network. Well, we have a DMZ segment that she also needs to
>> have access to and with the current VPN settings, she is unable to
>> connect to it.
>>
>> Like so:
>>
>>          Home PC (192.168.37.100)
>>                |
>>                |
>> Linksys VPN Router(192.168.37.1)
>>                |                \
>>                |V               \
>>                |P            Internet
>>                |N           /
>>                |            /              m0n0wall
>>          /            \
>>        /                \
>> LAN               DMZ
>> (192.168.1.1)    (10.0.0.1)
>> She routes perfectly to the LAN segment, but she is unable to route to
>> the DMZ.  A tracert shows that the packet destined for my DMZ is
>> routing itself out to the internet instead of down the VPN tunnel. I
>> have added a static route to the linksys but it is still trying to
>> route out to the internet. Any other ideas?
>>
>> Jason
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>
>
>
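
Added example, not part of the original thread: a simplified Python model of policy-based IPsec selector matching, showing why traffic from 192.168.37.100 to the DMZ leaves via the default route until a second tunnel for 192.168.37.0 <-> 10.0.0.0 exists. The /24 prefix lengths and all function names are assumptions; the thread gives only the network addresses.

```python
import ipaddress

# Assumption: all three networks are /24; the thread gives only network addresses.
REMOTE = "192.168.37.0/24"   # home network behind the Linksys
LAN = "192.168.1.0/24"       # m0n0wall LAN
DMZ = "10.0.0.0/24"          # m0n0wall DMZ


def make_selector(local, remote):
    """One phase 2 selector: a (local network, remote network) pair."""
    return (ipaddress.ip_network(local), ipaddress.ip_network(remote))


def disposition(selectors, src, dst):
    """Return 'tunnel' if a selector covers src -> dst, else 'default route'.

    Simplified model: the selectors decide what is encrypted, and a packet
    that matches none of them is forwarded like ordinary traffic.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for loc, rem in selectors:
        if s in loc and d in rem:
            return "tunnel"
    return "default route"


def uncovered(selectors, local, wanted):
    """List the networks in `wanted` that no selector carries from `local`."""
    local_net = ipaddress.ip_network(local)
    missing = []
    for net in wanted:
        target = ipaddress.ip_network(net)
        if not any(local_net.subnet_of(loc) and target.subnet_of(rem)
                   for loc, rem in selectors):
            missing.append(net)
    return missing


# Seen from the Linksys side: the existing tunnel, then the suggested second one.
before = [make_selector(REMOTE, LAN)]
after = before + [make_selector(REMOTE, DMZ)]

if __name__ == "__main__":
    for name, sel in (("before", before), ("after", after)):
        print(name,
              "| LAN:", disposition(sel, "192.168.37.100", "192.168.1.1"),
              "| DMZ:", disposition(sel, "192.168.37.100", "10.0.0.1"),
              "| missing:", uncovered(sel, REMOTE, [LAN, DMZ]))
```

The same pair of selectors has to exist on both endpoints, mirrored, for the second tunnel to come up.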