DOES anybody have an idea how to "translate" the SnapGear VPN
connection described below to m0n0Wall?
Please, I would appreciate a reply to the post..at least once....
Especially the iptables settings:
iptables -t nat -I POSTROUTING -d 151.193.141.0/255.255.255.0 -s 192.168.160.0/255.255.255.0 -j SNAT --to-source xxx.xxx.xxx.xxx
p.s. Below are the settings for setting up on SnapGear..It is quite a
simple setting...but I cannot put it to work
Setup Guidelines for Interoperating the SnapGear(TM) with the SABRE(R)
Group Network.
Date: 30-05-2002
SnapGear firmware: v.1.6.1
1. Example Network Setup:
(151.193.141.0/24)
Internal LAN
|
|
Nortel Contivity Switch
(etdvpn.sabre.com)
|
|
|
Internet
|
|
|
(Dynamic IP Address)
SnapGear (initiating the IPSec connection)
|
|
|
(192.168.160.0/24)
Internal LAN
2. SnapGear IPSec Setup Web Page:
Enable IPSec: Checked
IPSec Interfaces: Default route
Add Connection Web Page:
General Setup.
Connection Name: Sabre_to_SnapGear
Use Aggressive Mode: Checked
Local Gateway.
Internal subnet/netmask: xxx.xxx.xxx.xxx/255.255.255.255
(This is the aliased interface given by Sabre)
External IP: Default route chosen
Authentication Identifier: @username_given_by_Sabre
Remote Gateway.
Internal subnet/netmask: 151.193.141.0/255.255.255.0
External IP: etdvpn.sabre.com
Authentication Identifier: leave blank
Dead Peer Detection.
Use Dead Peer Detection: Checked
Delay (s): 9s
Timeout (s): 30s
Authentication Method for Automatic Keying (IKE)
Select Using a Pre-Shared Secret - (recommended)
*Note: the Authentication Identifier must begin with a "@". This is to
indicate that DNS lookups on the identifier must not be performed.
Automatic Keying (IKE) Setup
Automatic Startup.
Automatically enable connection when IPSec is started:
Checked
Aggressive Mode Phase 1 Settings
Cipher: DES
Diffie Helman Group: 1
Hash: MD5
Authorisation.
Select ESP Encryption.
Authentication.
Type in the preshared secret given by Sabre.
Key Configuration.
Key Lifetime (hr): 1
Enable Perfect Forward Secrecy of keys: Unchecked
Negotiate Connection Attempts: Never Give Up.
3. Setup Additional Firewall Rules.
Go to the "Rule" link under the Firewall heading on the side menu
of the SnapGear's configuration web page. Select the "Custom firewall
rules are in addition to builtin rules" option and add the following
rule in the text box below:
iptables -t nat -I POSTROUTING -d 151.193.141.0/255.255.255.0 -s 192.168.160.0/255.255.255.0 -j SNAT --to-source xxx.xxx.xxx.xxx
(print as one line)
Where xxx.xxx.xxx.xxx is the aliased interface given by Sabre.
Click Submit. Removing "-s 192.168.160.0/255.255.255.0" in the
above line will allow any host to have access to the tunnel (at the
moment only packets with the source address of subnet 192.168.160.0/24
will be allowed through).
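The following is an added example, not part of the original post or of SnapGear's or m0n0wall's own code: a small Python model of what the SNAT rule does, using the guide's subnets and a constructed placeholder for the Sabre alias address. It shows why LAN sources must be rewritten to the alias before the alias/32 tunnel selector is applied, and what removing the `-s` match (or omitting the rule entirely) changes.

```python
import ipaddress

# Values taken from the guide above; the alias is a constructed placeholder
# standing in for the xxx.xxx.xxx.xxx address that Sabre assigns.
REMOTE_LAN = ipaddress.ip_network("151.193.141.0/24")   # behind the Contivity
LOCAL_LAN = ipaddress.ip_network("192.168.160.0/24")    # behind the SnapGear
ALIAS = ipaddress.ip_address("203.0.113.7")             # constructed placeholder


def snat(src, dst, restrict_source=True):
    """POSTROUTING rule: -d REMOTE_LAN [-s LOCAL_LAN] -j SNAT --to-source ALIAS.

    Returns the source address after NAT.  restrict_source=False models the
    guide's variant with "-s 192.168.160.0/255.255.255.0" removed.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if d in REMOTE_LAN and (not restrict_source or s in LOCAL_LAN):
        return ALIAS
    return s


def tunnel_selects(src, dst):
    """IPsec selector from the guide: local alias/32 <-> 151.193.141.0/24."""
    return (ipaddress.ip_address(src) == ALIAS
            and ipaddress.ip_address(dst) in REMOTE_LAN)


def route(src, dst, restrict_source=True, apply_snat=True):
    """Return 'tunnel' if the packet ends up in the IPsec tunnel, else 'clear'.

    apply_snat=False shows what happens when the NAT rule is missing: LAN
    sources never match the alias/32 selector, so nothing enters the tunnel.
    """
    new_src = snat(src, dst, restrict_source) if apply_snat else ipaddress.ip_address(src)
    return "tunnel" if tunnel_selects(new_src, dst) else "clear"


if __name__ == "__main__":
    for pkt in [("192.168.160.10", "151.193.141.5"),   # LAN host to Sabre
                ("192.168.160.10", "198.51.100.1"),    # LAN host to Internet
                ("10.0.0.5", "151.193.141.5")]:        # non-LAN source to Sabre
        print(pkt, route(*pkt),
              route(*pkt, restrict_source=False),
              route(*pkt, apply_snat=False))
```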
4. Save the config and then try to ping from a host on the Internal
LAN behind the SnapGear to a host on the Internal LAN behind the
Nortel Contivity Switch.
5. You will also need to run the application used to synchronise host
printing from Sabre on a host behind the SnapGear. This application is
used as a method to send keep alive packets over the tunnel to prevent
the Nortel Contivity Switch from disconnecting the tunnel after an
idle time period.
http://www.cyberguard.info/snapgear/cgi-bin/fom?_recurse=1&file=34#file_192