[ previous ] [ next ] [ threads ]
 
 From:  "Craig Hulbert" <craig at mylittleservers dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Multiple Networks behind NIC of Captive Portal
 Date:  Tue, 14 Mar 2006 19:45:38 -0500
To Help explain my problem.. Here is what I am mocking up to test...

Network Diagram:
http://www.mylittleservers.com/FacilityGuestAccess.jpg 

Any help appreciated.. I don't want to buy a Cisco BBSM or Nomadix if I can
get this working.

It works just fine in the layer 2 network between the pix and the m0n0wall.
But as soon as I have a device from the tunnel attempt it.. It doesn't
respond.. 

Am I the only one that is trying to route behind a captive portal on a
m0n0wall  

Due to the number of sites and vpn's, I can't just have one big layer 2
network with a huge mask.. 


-----Original Message-----
From: Craig Hulbert [mailto:craig at mylittleservers dot com] 
Sent: Tuesday, March 14, 2006 7:34 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] Multiple Networks behind NIC of Captive Portal

I have a large network that I would like to front end with a captive portal.
 
The front of the m0n0wall is the Internet with NAT outbound
 
The LAN interface comes off a Cisco PIX that has many tunnels in network
extension (routing) mode.
 
The LAN interface is 192.168.0.1/24 of the m0n0wall The Pix interface is
192.168.0.2
 
When I send traffic across the tunnel it I can get out of the pix.. but the
m0n0wall doesnt pick up the traffic thus I can't get through it.
 
Is the m0n0wall limited to 1 network behind the captive portal.. i.e. no
other routers?
 
The monowall can ping across the tunnels
 
The tunneled pc's can't ping the m0n0wall.. I can see the traffic going to
the m0n0wall but not coming back.
 
Am I missing something.. 
 
I have 500 sites I wan't to run guest access at.. I can't afford a device at
each site.. I would like to backhaul a subnet per facility over a vpn and
then hit a single m0n0wall thus making managment easier of the entire
network of guests
 
Thanks
craig at mylittleservers dot com