On 3/22/06, sai <sonicsai at gmail dot com> wrote:
> On 3/20/06, Tim Cary <TDC at yesinc dot com> wrote:
> > Hello-
> > I need to define an additional firewall encryption policy over the same
> > IPSEC tunnel. I am not sure how to do this in M0n0Wall.
> > Details:
> > We own a Fortigate 200A. It accepts IPSEC connections, and has a
> > feature where you can define a concentrator so that "spokes" of the VPN
> > hub can communicate with each other. I have three separate networks
> > that need to talk to each other. The hub is the Fortigate, as it is at
> > the main site. The spokes are the M0n0Walls at the remote sites. I
> > need the spokes to talk to each other by way of the hub.
> > 172.16.0.0/16 - HUB (Fortigate- main site)
> > 172.18.0.0/16 - Spoke1 (remote site)
> > 172.19.0.0/16 - Spoke2 (remote site)
> > The spokes are on DSL connections, so I have to use e-mail address as
> > the identifier. Fortigate accepts these as dial-up connections.
> > Spoke1 and Spoke2 each make a tunnel to the hub. So, hub can ping
> > spoke1, spoke1 can ping hub, and hub can ping spoke2, and spoke2 can
> > ping hub. What is missing here is the ability to ping spoke1 from
> > spoke2, and ping spoke2 from spoke1.
> > Fortigate tech support tells me everything is set right on the
> > Fortigate. But they say I need to define an additional firewall encrypt
> > rule (but NOT another tunnel) on each spoke to talk to the other spoke's
> > network. How do I do that on the M0n0Wall? This makes sense, but I
> > just can't see how to do it.
> > Any advice is appreciated.
> > Thank You.
> This was on the list recently. I think that the solution was to have
> another tunnel. The Fortigate guy is probably confused.