 
 From:  Mark Wass <mark dot wass at market dash analyst dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPSEC Setup Questions
 Date:  Mon, 07 Nov 2005 10:19:32 +1000
One more question I forgot to ask.

For setup and testing purposes before deployment of the VPN, is it 
possible to use a switch between the 2 m0n0 boxes and give them 
192.168.50.0/24 addresses? See diagram below.



OPT1            OPT2                LAN
Real IP's       192.168.21.0/24     192.168.20.0/24
|               |                   |
|               |                   |
|               |                   |
-------------m0n0wall----------------
         Site 2 |WAN Static IP = 192.168.50.2
                |
                |
                |(Switch)
                |
                |
         Site 1 |WAN Static IP = 192.168.50.1
-------------m0n0wall----------------
|               |                   |
|               |                   |
|               |                   |
OPT1            OPT2                 LAN
Real IP's       192.168.2.0/24       192.168.1.0/24


Mark Wass wrote:

> Hi All
>
> I'm in the process of setting up an IPSEC VPN between 2 m0n0wall 
> routers and I have a couple of questions.
>
> Firstly this is my intended layout.
>
>
> OPT1            OPT2                LAN
> Real IP's       192.168.21.0/24     192.168.20.0/24
>  |               |                   |
>  |               |                   |
>  |               |                   |
>  -------------m0n0wall----------------
>           Site 2 |WAN Static Real IP = aaa.bbb.ccc.dd1
>                  |
>                  |
>                  |(Internet)
>                  |
>                  |
>           Site 1 |WAN Static Real IP aaa.bbb.ccc.dd2
>  -------------m0n0wall----------------
>  |               |                   |
>  |               |                   |
>  |               |                   |
> OPT1            OPT2                 LAN
> Real IP's       192.168.2.0/24       192.168.1.0/24
>
>
> Q1. I need all the LAN hosts on Site 1 to be able to access all 
> the servers on the OPT2 of Site 2. Is the following the correct setup 
> for that VPN?
>
> On m0n0wall Site 1
> Local Subnet = 192.168.1.0/24
> Remote Subnet = 192.168.21.0/24
> Remote Gateway = aaa.bbb.ccc.dd1
>
> On m0n0wall Site 2
> Local Subnet = 192.168.21.0/24
> Remote Subnet = 192.168.1.0/24
> Remote Gateway = aaa.bbb.ccc.dd2
>
> Q2. Do I repeat this similar setup to connect any of the subnets at 
> either site to each other, e.g. OPT2 on Site1 to OPT2 on Site2? Can I 
> even establish an IPSEC VPN between OPT2 Site1 and OPT2 Site2?
>
> Q3. Is it true that you cannot apply any firewall rules to IPSEC 
> tunnels when using m0n0wall? I would have liked to limit what traffic 
> can be passed between these IPSEC VPN tunnels.
>
> Q4. Can I have multiple IPSEC tunnels from OPT2 hosts on Site1 to 
> different remote sites (not using m0n0) around the world, in 
> conjunction with my m0n0wall to m0n0wall IPSEC VPN?
>
> Thanks
>
> Mark
>