On 3/22/06, sai <sonicsai at gmail dot com> wrote:

> On 3/20/06, Tim Cary <TDC at yesinc dot com> wrote:
> > Hello-
> >
> > I need to define an additional firewall encryption policy over the same
> > IPSEC tunnel. I am not sure how to do this in M0n0Wall.
> >
> > Details:
> >
> > We own a Fortigate 200A. It accepts IPSEC connections, and has a
> > feature where you can define a concentrator so that "spokes" of the VPN
> > hub can communicate with each other. I have three separate networks
> > that need to talk to each other. The hub is the Fortigate, as it is at
> > the main site. The spokes are the M0n0Walls at the remote sites. I
> > need the spokes to talk to each other by way of the hub.
> >
> > 172.16.0.0/16 - HUB (Fortigate - main site)
> > 172.18.0.0/16 - Spoke1 (remote site)
> > 172.19.0.0/16 - Spoke2 (remote site)
> >
> > The spokes are on DSL connections, so I have to use an e-mail address as
> > the identifier. Fortigate accepts these as dial-up connections.
> >
> > Spoke1 and Spoke2 each make a tunnel to the hub. So, hub can ping
> > spoke1, spoke1 can ping hub, and hub can ping spoke2, and spoke2 can
> > ping hub. What is missing here is the ability to ping spoke1 from
> > spoke2, and ping spoke2 from spoke1.
> >
> > Fortigate tech support tells me everything is set right on the
> > Fortigate. But they say I need to define an additional firewall encrypt
> > rule (but NOT another tunnel) on each spoke to talk to the other spoke's
> > network. How do I do that on the M0n0Wall? This makes sense, but I
> > just can't see how to do it.
> >
> > Any advice is appreciated.
> >
> > Thank You.
>
> This was on the list recently. I think that the solution was to have
> another tunnel. The Fortigate guy is probably confused.
>
> sai
> http://www.m0n0.ch/wall/list/showmsg.php?id=250/54
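Whichever way it is configured on m0n0wall (an extra phase-2 selector on the existing tunnel, or a second tunnel), the underlying problem is that each spoke's IPsec policy only selects traffic to 172.16.0.0/16, so spoke1-to-spoke2 packets match no selector and either leave the spoke unprotected or are dropped, depending on the default policy. The following is an added example, not code from the thread or from m0n0wall: it models a spoke's policy database as a list of phase-2 selectors built from the subnets above, and assumes the hub's concentrator already forwards between the two spoke SAs.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Phase2Policy:
    """One IPsec phase-2 selector on a spoke: local subnet <-> remote subnet."""
    name: str
    local: ipaddress.IPv4Network
    remote: ipaddress.IPv4Network

# Subnets from the thread.
HUB = ipaddress.ip_network("172.16.0.0/16")
SPOKE1 = ipaddress.ip_network("172.18.0.0/16")
SPOKE2 = ipaddress.ip_network("172.19.0.0/16")

# As described in the thread: each spoke only has a selector towards the hub.
SPOKE1_SPD_BEFORE = [Phase2Policy("spoke1-to-hub", SPOKE1, HUB)]
SPOKE2_SPD_BEFORE = [Phase2Policy("spoke2-to-hub", SPOKE2, HUB)]

# Constructed fix: each spoke gets a second selector for the other spoke's subnet
# (assumption: the hub's concentrator forwards between the two SAs).
SPOKE1_SPD_AFTER = SPOKE1_SPD_BEFORE + [Phase2Policy("spoke1-to-spoke2", SPOKE1, SPOKE2)]
SPOKE2_SPD_AFTER = SPOKE2_SPD_BEFORE + [Phase2Policy("spoke2-to-spoke1", SPOKE2, SPOKE1)]


def lookup(spd, src, dst):
    """First selector covering src->dst, or None: the flow bypasses IPsec or is dropped."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for pol in spd:
        if src in pol.local and dst in pol.remote:
            return pol
    return None


def round_trip_covered(spd_a, spd_b, host_a, host_b):
    """True only when both directions are selected: A->B on A's SPD and B->A on B's SPD."""
    return lookup(spd_a, host_a, host_b) is not None and lookup(spd_b, host_b, host_a) is not None


def uncovered_flows(spd, flows):
    """Audit helper: the (src, dst) pairs that no selector in this SPD protects."""
    return [f for f in flows if lookup(spd, *f) is None]


# Constructed sample flows from a spoke1 host: one to the hub, one to spoke2.
FLOWS = [("172.18.0.10", "172.16.0.1"), ("172.18.0.10", "172.19.0.20")]

if __name__ == "__main__":
    print("before:", uncovered_flows(SPOKE1_SPD_BEFORE, FLOWS))  # [('172.18.0.10', '172.19.0.20')]
    print("after: ", uncovered_flows(SPOKE1_SPD_AFTER, FLOWS))   # []
```

Note that fixing only spoke1 is not enough: `round_trip_covered` stays false until spoke2 also has a selector back to 172.18.0.0/16, which is why the rule has to be added on each spoke.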