 From:  sai <sonicsai at gmail dot com>
 To:  "Tim Cary" <TDC at yesinc dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] IPSEC Encryption Policy
 Date:  Wed, 22 Mar 2006 15:39:47 +0500
On 3/22/06, sai <sonicsai at gmail dot com> wrote:
> On 3/20/06, Tim Cary <TDC at yesinc dot com> wrote:
> > Hello-
> >
> > I need to define an additional firewall encryption policy over the same
> > IPSEC tunnel.  I am not sure how to do this in M0n0Wall.
> >
> > Details:
> >
> > We own a Fortigate 200A.  It accepts IPSEC connections, and has a
> > feature where you can define a concentrator so that "spokes" of the VPN
> > hub can communicate with each other.  I have three separate networks
> > that need to talk to each other.  The hub is the Fortigate, as it is at
> > the main site.  The spokes are the M0n0Walls at the remote sites.  I
> > need the spokes to talk to each other by way of the hub.
> >
> > 172.16.0.0/16 - HUB (Fortigate- main site)
> > 172.18.0.0/16- Spoke1 (remote site)
> > 172.19.0.0/16- Spoke2 (remote site)
> >
> > The spokes are on DSL connections, so I have to use e-mail address as
> > the identifier.  Fortigate accepts these as dial-up connections.
> >
> > Spoke1 and Spoke2 each make a tunnel to the hub.  So, hub can ping
> > spoke1, spoke1 can ping hub, and hub can ping spoke2, and spoke2 can
> > ping hub.  What is missing here is the ability to ping spoke1 from
> > spoke2, and ping spoke2 from spoke1.
> >
> > Fortigate tech support tells me everything is set right on the
> > Fortigate.  But they say I need to define an additional firewall encrypt
> > rule (but NOT another tunnel) on each spoke to talk to the other spoke's
> > network.  How do I do that on the M0n0Wall?  This makes sense, but I
> > just can't see how to do it.
> >
> > Any advice is appreciated.
> >
> > Thank You.
> >
>
> This was on the list recently. I think that the solution was to have
> another tunnel. The Fortigate guy is probably confused.
>
> sai
>

http://www.m0n0.ch/wall/list/showmsg.php?id=250/54
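
Why spoke-to-spoke traffic never enters the existing tunnel, shown as an added example that is not part of the original thread: a simplified model of policy-based IPsec selector matching, using the three subnets from the question. The host addresses, policy names and function names are constructed for illustration, and the model assumes one local/remote subnet pair per tunnel entry.

```python
import ipaddress
from typing import List, NamedTuple, Optional


class Policy(NamedTuple):
    """One encryption policy: traffic local -> remote is sent to peer."""
    name: str        # hypothetical label, not a m0n0wall setting
    local: ipaddress.IPv4Network
    remote: ipaddress.IPv4Network
    peer: str


# Subnets taken from the question.
HUB = ipaddress.ip_network("172.16.0.0/16")
SPOKE1 = ipaddress.ip_network("172.18.0.0/16")
SPOKE2 = ipaddress.ip_network("172.19.0.0/16")

# Spoke1 as described: a single tunnel whose remote subnet is the hub LAN.
SPOKE1_POLICIES = [Policy("spoke1-to-hub", SPOKE1, HUB, "hub")]

# Spoke1 with a second entry: same peer (the hub), remote subnet = Spoke2.
SPOKE1_POLICIES_EXTENDED = SPOKE1_POLICIES + [
    Policy("spoke1-to-spoke2-via-hub", SPOKE1, SPOKE2, "hub"),
]


def match_policy(policies: List[Policy], src: str, dst: str) -> Optional[Policy]:
    """Return the first policy whose selectors cover src and dst, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:
        if s in p.local and d in p.remote:
            return p
    return None  # no selector matched: the packet is not placed in any tunnel


def describe(policies: List[Policy], src: str, dst: str) -> str:
    p = match_policy(policies, src, dst)
    if p is None:
        return f"{src} -> {dst}: no matching policy, not encrypted"
    return f"{src} -> {dst}: {p.name} (encrypted to {p.peer})"


if __name__ == "__main__":
    # Constructed sample hosts, one per site.
    for label, spd in (("as described", SPOKE1_POLICIES),
                       ("with second entry", SPOKE1_POLICIES_EXTENDED)):
        print(label)
        print("  " + describe(spd, "172.18.0.10", "172.16.0.10"))
        print("  " + describe(spd, "172.18.0.10", "172.19.0.10"))
```

Spoke2 needs the mirror-image entry (local 172.19.0.0/16, remote 172.18.0.0/16) for return traffic to match.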