 
 From:  Max Cristin <max dot cristin at rogers dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  IPsec and routing question
 Date:  Fri, 02 Feb 2007 10:40:24 -0500
I have set up an IPSec tunnel between M0n0 1.3b3 and Sonicwall PRO 2040:

192.168.0.0/24 -> Sonicwall (xxx.xxx.xxx.xxx) -> Internet <- M0n0 
(yyy.yyy.yyy.yyy) <- 192.168.1.0/24

I first terminated the tunnel at both LANs and traffic was going back 
and forth without any problem on either side. That was good, but I 
needed to limit access to the 1.0/24 subnet to just a few specific hosts 
on the 0.0/24 subnet.

Because of a limitation of the Standard version of SonicOS, Sonicwall 
support told me that it could be done only if I terminate the tunnel at 
the Sonicwall WAN instead of the LAN and then add firewall rules on the 
Sonicwall to allow or deny specific traffic.

I did that and now on the M0n0wall side the tunnel is terminated at the 
LAN (192.168.1.0/24) while at the Sonicwall side the tunnel is 
terminated at the WAN (xxx.xxx.xxx.xxx). After I added the rules on the 
Sonicwall to allow only specific hosts to access the 1.0/24 subnet I'm 
able to communicate in that direction.

The problem now is that nobody in the 1.0/24 subnet can reach the 0.0/24 
subnet. So basically the traffic is only going in one direction. The 
rules on the Sonicwall allow all the traffic from 1.0/24 to go to 
0.0/24, but that still doesn't work.

Do I have to add static routes in order for this to work? Any help and 
suggestions are appreciated.

Thanks.

Max
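An added illustration, not part of Max's post and not code from m0n0wall or SonicOS: a small Python model of how IPsec phase-2 traffic selectors (local network / remote network) decide whether a packet is tunnelled or handed to the ordinary routing table, using the two subnets from the post. The Sonicwall WAN address is a constructed placeholder, and the two m0n0wall policy variants are assumptions for comparison, not the poster's actual configuration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Phase2:
    """One IPsec phase-2 (SPD) entry. A packet is tunnelled only if it
    matches the selector pair: outbound (src in local, dst in remote)
    or inbound (src in remote, dst in local)."""
    name: str
    local_net: str
    remote_net: str

    def covers(self, src: str, dst: str) -> bool:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        local = ipaddress.ip_network(self.local_net)
        remote = ipaddress.ip_network(self.remote_net)
        return (s in local and d in remote) or (s in remote and d in local)


def tunnel_decision(policies, src: str, dst: str):
    """Name of the first policy that tunnels src->dst, or None.
    None means the packet never enters the tunnel: it is routed like
    any other packet, so a static route alone cannot encrypt it."""
    for p in policies:
        if p.covers(src, dst):
            return p.name
    return None


def uncovered_flows(policies, flows):
    """Return the (src, dst) pairs that no phase-2 selector covers,
    a quick way to spot one-way reachability before touching routes."""
    return [f for f in flows if tunnel_decision(policies, *f) is None]


# Constructed placeholder for the Sonicwall WAN (xxx.xxx.xxx.xxx in the post).
SONICWALL_WAN = "203.0.113.1"

# Assumed m0n0wall SPD variants (local side = its LAN in both cases).
M0N0_LAN_TO_LAN = [Phase2("m0n0 LAN<->LAN", "192.168.1.0/24", "192.168.0.0/24")]
M0N0_LAN_TO_WAN = [Phase2("m0n0 LAN<->WAN", "192.168.1.0/24", SONICWALL_WAN + "/32")]

# Constructed sample flows: a 1.0/24 host talking to a 0.0/24 host, and
# a 1.0/24 host answering the Sonicwall WAN address.
SAMPLE_FLOWS = [("192.168.1.10", "192.168.0.10"), ("192.168.1.10", SONICWALL_WAN)]

if __name__ == "__main__":
    for name, pol in (("LAN<->LAN", M0N0_LAN_TO_LAN), ("LAN<->WAN", M0N0_LAN_TO_WAN)):
        print(name, "uncovered:", uncovered_flows(pol, SAMPLE_FLOWS))
```

The point of the model is that a phase-2 selector, not a route, decides whether a packet is encrypted, so comparing both ends' selector pairs against the flows you expect is the first check to run.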