[ previous ] [ next ] [ threads ]
 
 From:  "Tim Cary" <TDC at yesinc dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  IPSEC Encryption Policy
 Date:  Mon, 20 Mar 2006 12:55:47 -0500
Hello-
 
I need to define an additional firewall encryption policy over the same
IPEC tunnel.  I am not sure how to do this in M0n0Wall.
 
Details:
 
We own a Fortigate 200A.  It accepts IPSEC connections, and has a
feature where you can define a concentrator so that "spokes" of the VPN
hub can communicate with each other.  I have three separate networks
that need to talk to each other.  The hub is the Fortigate, as it is at
the main site.  The spokes are the M0n0Wall's at the remote sites.  I
need the spokes to talk to each other by way of the hub.
 
172.16.0.0/16 - HUB (Fortigate- main site)
172.18.0.0/16- Spoke1 (remote site)
172.19.0.0/16- Spoke2 (remote site)
 
The spokes are on DSL connections, so I have to use e-mail address as
the identifier.  Fortigate accepts these as dial-up connections.
 
Spoke1 and Spoke2 each make a tunnel to the hub.  So, hub can ping
spoke1, spoke1 can ping hub, and hub can ping spoke2, and spoke2 can
ping hub.  What is missing here is the ability to ping spoke1 from
spoke2, and ping spoke2 from spoke1.
 
Fortigate tech support tells me everything is set right on the
Fortigate.  But they say I need to define an additional firewall encrypt
rule (but NOT another tunnel) on each spoke to talk to the other spoke's
network.  How do I do that on the M0n0Wall?  This makes sense, but I
just can't see how to do it.
 
Any advice is appreciated.
 
Thank You.