Hi,
I'm using m0n0 v1.22. Let me explain my setup.
[ Office1 192.168.100.0/24 ]
|
(Cisco1)------------Ipsec VPN-----------------
|
Public Server1
| |
[Office1 192.168.101.0/24] |
<Vlan1>
|
| | |--<vlan1>--|
(Cisco2)-------------Ipsec VPN-----------(Cisco
HQ)-<vlan1,2>--[SWITCH] [m0n0wall]----[HQ office LAN]
|
| |--<vlan2>--|
|
| <vlan1>
[OfficeX... 192.168.0.0/16 ] |
|
| |
Public Server2
(Cisco3)------------Ipsec VPN-----------------
OfficeX: 192.168.100.x-192.168.140.x (subnet mask /24)
All offices connected through DSL 512 kbps
VLAN2: has 6 public IPs
VLAN1: 172.16.0.1 (Cisco if), 172.16.0.2 (m0n0 if)
HQ Office: 192.168.42.0/24
HQ Office connected through leased line 1024 kbps
(Cisco1, Cisco2, CiscoX) MTU: 1430; there is no possibility to make the
MTU of a VPN tunnel bigger
m0n0wall has 3 interfaces:
WAN: 213.x.x.x/29 <vlan1>
LAN: 192.168.42.0/24
Cisco1721: 172.16.0.0/30 <vlan2>
Rules:
IF: LAN - SRC:192.168.0.0/16 permit all in/out
IF: Cisco1721 - SRC: src:* dest:* port:* allow
In summary: all traffic on the LAN and Cisco1721 interfaces is allowed.
Let me explain my problem.
When I, for example, try to refresh Group Policy on one of the OfficeX
computers (command: gpupdate /force),
on m0n0wall I see these errors:
1. DROP 13:00:18.679267 cisco1721 192.168.135.11 192.168.42.248,
type 11866:576@1480) ICMP
after some time (5-15 sec.)
DROP - 13:02:30.458596 LAN 192.168.42.248 192.168.135.11, type
timxceed/reassem ICMP
DROP - 13:02:24.458692 LAN 192.168.42.248 192.168.135.11, type
timxceed/reassem ICMP
So in the event log I see that Group Policy cannot be refreshed because
the domain controller was not found on the OfficeX network.
Q: Why does m0n0 drop packets if the rules permit all from * to *?
Lots of thanks for your help.
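Added example (not part of the post above, and not m0n0wall code): a small parser that runs over the three DROP lines quoted in the post, re-joined onto single lines, and classifies them. It assumes the `type 11866:576@1480` rendering is tcpdump-style fragment notation (IP id:fragment payload length@byte offset) and that `timxceed/reassem` is ICMP Time Exceeded, code 1 (fragment reassembly time exceeded). From the fragment fields it derives the smallest original datagram that could have produced the fragment and compares it with the 1430-byte tunnel MTU given in the post; it also pairs each reassembly-timeout message with the dropped fragment it travels back towards (swapped src/dst). The field interpretation and the helper names are assumptions made for this example.

```python
"""Classify firewall DROP lines to spot IP fragment and reassembly drops.

Added example for the post above; the log lines are copied from it, the
field interpretation (tcpdump-style frag notation) is an assumption.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the three DROP lines from the post, re-joined onto
# single lines exactly as the webGUI would show them.
SAMPLE_LOG = """\
DROP 13:00:18.679267 cisco1721 192.168.135.11 192.168.42.248, type 11866:576@1480) ICMP
DROP - 13:02:30.458596 LAN 192.168.42.248 192.168.135.11, type timxceed/reassem ICMP
DROP - 13:02:24.458692 LAN 192.168.42.248 192.168.135.11, type timxceed/reassem ICMP
"""

LINE_RE = re.compile(
    r"^DROP\s*-?\s*(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<iface>\S+)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\s+(?P<dst>\d+\.\d+\.\d+\.\d+),\s*type\s+"
    r"(?P<detail>[^)]+)\)?\s+(?P<proto>\S+)$"
)
# Assumed tcpdump-style fragment notation: id:payload_len@byte_offset
FRAG_RE = re.compile(r"^(?P<id>\d+):(?P<len>\d+)@(?P<off>\d+)$")
IP_HEADER_LEN = 20  # minimal IPv4 header, no options


@dataclass
class Drop:
    time: str
    iface: str
    src: str
    dst: str
    proto: str
    kind: str  # "fragment", "reassembly-timeout" or "other"
    frag_id: Optional[int] = None
    frag_len: Optional[int] = None
    frag_off: Optional[int] = None

    def implied_min_datagram(self) -> Optional[int]:
        """Smallest original IP datagram (header + payload) that could
        have produced this fragment: bytes 0..offset-1 were carried by
        earlier fragments, this one adds frag_len more."""
        if self.kind != "fragment":
            return None
        return IP_HEADER_LEN + self.frag_off + self.frag_len


def parse_drop(line: str) -> Drop:
    """Parse one DROP line; raise ValueError on an unrecognised layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised log line: {line!r}")
    detail = m["detail"].strip()
    d = Drop(m["time"], m["iface"], m["src"], m["dst"], m["proto"], "other")
    f = FRAG_RE.match(detail)
    if f:
        d.kind = "fragment"
        d.frag_id, d.frag_len, d.frag_off = int(f["id"]), int(f["len"]), int(f["off"])
    elif detail == "timxceed/reassem":
        d.kind = "reassembly-timeout"
    return d


def analyse(log: str, tunnel_mtu: int) -> dict:
    """Summarise a log: how many drops are fragments, how many of those
    imply a datagram larger than tunnel_mtu, and how many reassembly
    timeouts point back at a dropped fragment's sender."""
    drops = [parse_drop(l) for l in log.splitlines() if l.strip()]
    frags = [d for d in drops if d.kind == "fragment"]
    timeouts = [d for d in drops if d.kind == "reassembly-timeout"]
    oversized = [d for d in frags if d.implied_min_datagram() > tunnel_mtu]
    # A "time exceeded / reassembly" ICMP goes from the host that gave up
    # reassembling back to the original sender, i.e. with src and dst
    # swapped relative to the fragment it complains about.
    matched = [(f, t) for f in frags for t in timeouts
               if (t.src, t.dst) == (f.dst, f.src)]
    return {
        "drops": len(drops),
        "fragments": len(frags),
        "reassembly_timeouts": len(timeouts),
        "oversized_for_mtu": len(oversized),
        "timeouts_matching_fragments": len(matched),
    }


if __name__ == "__main__":
    for raw in SAMPLE_LOG.splitlines():
        d = parse_drop(raw)
        print(f"{d.iface:10} {d.src:>15} -> {d.dst:<15} {d.kind:20}"
              f" min datagram={d.implied_min_datagram()}")
    print(analyse(SAMPLE_LOG, tunnel_mtu=1430))
```

Under the assumed notation the first line is a non-initial fragment (offset 1480, 576 payload bytes) of a datagram at least 2076 bytes long, well above the 1430-byte tunnel MTU in the post, and the two `timxceed/reassem` lines are the destination host reporting, back towards that sender, that it never received enough fragments to reassemble. The script is only a reading aid for the log excerpt; it does not know why the firewall dropped the lines.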