 From:  Paul Taylor <PaulTaylor at winn dash dixie dot com>
 To:  m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  IPSec question w/ Multiple Networks
 Date:  Fri, 21 Oct 2005 11:14:26 -0400

I've just started using IPSec in Monowall for a VPN connection (to a
SonicWall, if that matters)... In my situation, I have multiple networks
behind my Monowall, with various registered IP Addresses, as well as a 10.
network.  I would like all these networks to be able to communicate through
the tunnel, similar to what can be done with a Cisco router.  

Our VPN configuration is like so:

  +--------+
  !INET RTR!
  +--------+
      !
      !        Encrypted
  +--------+  VPN Traffic >  +----------+
  !        !-----------------! Monowall !
  !FIREWALL!                 +----------+
  !        !----------------------!
  +--------+  < Unencrypted Traffic
      !
      !

Basically, the encrypted VPN traffic comes in the Firewall, is shipped to
the Monowall, where it does the decryption.  (Both the LAN and WAN addresses
of the Monowall are registered IPs.  There are more VPN devices on this
network than just the Monowall.)  The unencrypted traffic is then shipped
back to the firewall on another interface, where our rules keep our business
partners locked into what they are supposed to be able to do.

As it stands now, only the "Local Network" configured in IPSec on my end can
communicate through the tunnel to the remote network.  

Is there any way to configure multiple networks like this?  Does each need
to be in its own tunnel?

Thanks,
Paul