 From:  mtnbkr <waa dash m0n0wall at revpol dot com>
 To:  Joe Lagreca <lagreca at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Possible to do one way IPsec?
 Date:  Wed, 12 Apr 2006 09:08:04 -0400
Joe Lagreca wrote:
> Is it possible to create a one way IPsec VPN?
> For example, I have created an IPsec VPN from my office m0n0wall, to
> one of my clients Netscreen's.  Is there some way I can set it up so
> that I can access resources on their LAN, but not let them have
> access to my LAN?
> I have tried creating a few rules to try and prevent them having
> access, but haven't had any success.
> Has anyone tried this before?  Is this even a possibility?

Hi Joe.

Yes, and yes. But it depends on Netscreen's capabilities. I do this with
many of my clients - but all from m0n0wall <-> m0n0wall.

To do this you will need to think in reverse. That is, on the CLIENT's
Netscreen you will need to set up rule(s) to block all traffic TO your LAN.

If that is not possible on the Netscreen, you may consider moving them
to a m0n0wall.

Bill Arlofski
Reverse Polarity