 From:  Krzysztof Czajka <krzysztof dot czajka at telmor dot com dot pl>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Routing problem and ipsec
 Date:  Thu, 10 Aug 2006 14:26:56 +0200
Hi, I have a question about routing config...
My question is: is it possible to make routing between the DMZ and a remote
location connected via VPN?

Situation:

M0n0wall_1
   - WAN (some_ip_1)
   - LAN IP 192.168.10.1 (192.168.10.0/24)
   - DMZ IP 192.168.11.1 (192.168.11.0/24)
   - ipsec tunnel between M0n0wall_1 LAN and M0n0wall_2 LAN

M0n0wall_2
   - WAN (some_ip_2)
   - LAN 192.168.12.1 (192.168.12.0/24)
   - ipsec tunnel between M0n0wall_1 LAN and M0n0wall_2 LAN

The IPsec tunnel between the LANs has to stay.

I want to ping host 192.168.11.10 in the DMZ directly from the 192.168.12.0/24 LAN.

1.) I tried to set up static routing on M0n0wall_2: dest. network:
192.168.5.0/24; interface IMHO should be ipsec0 - I can't set it (I
can choose only PPTP, WAN, LAN); default gateway: 192.168.10.1.
It was wrong; the routing table was corrupt after deleting this route, so I
had to restart M0n0wall.

2.) I tried to set up a second ipsec tunnel but it went wrong - I think that
m0n0walls cannot identify two tunnels with the same destination WAN IP.
Adding an ipsec tunnel between M0n0wall_1 DMZ and M0n0wall_2 LAN.

Do you have any idea how to solve that problem?

Or should I forward the host's ports from the DMZ to the WAN IP on M0n0wall_1?
I want to avoid this solution because some service on the DMZ host (embedded
solution) is allowed to connect with only two IP addresses in the remote LAN.


Regards
Krzysztof Czajka