It sounds like the Sonicwall will either allow you to do all LAN <-->
LAN or, if you need to restrict it to a single host, then it requires you
to do a LAN <--> WAN address and then do NAT from the WAN to your
private side, allowing you to block/allow access to a particular host.
So from your m0n0wall side you'll access the WAN address instead of
the private addresses. Sounds like the Sonicwall is severely limiting
you. If I were you I would just replace the Sonicwall with another m0n0wall.
Max Cristin wrote:
> I have setup an IPSec tunnel between M0n0 1.3b3 and Sonicwall PRO 2040:
> 192.168.0.0/24 -> Sonicwall (xxx.xxx.xxx.xxx) -> Internet <- M0n0
> (yyy.yyy.yyy.yyy) <- 192.168.1.0/24
> I first terminated the tunnel at both LANs and traffic was going back
> and forth without any problem on either side. That was good, but I
> needed to limit access to the 1.0/24 subnet to just a few specific hosts
> on the 0.0/24 subnet.
> Because of a limitation of the Standard version of SonicOS, Sonicwall
> support told me that it could be done only if I terminate the tunnel
> at the Sonicwall WAN instead of the LAN and then add firewall rules on
> the Sonicwall to allow or deny specific traffic.
> I did that and now on the M0n0wall side the tunnel is terminated at
> the LAN (192.168.1.0/24) while at the Sonicwall side the tunnel is
> terminated at the WAN (xxx.xxx.xxx.xxx). After I added the rules on
> the sonicwall to allow only specific hosts to access the 1.0/24 subnet
> I'm able to communicate on that direction.
> The problem now is that nobody in the 1.0/24 subnet can reach the
> 0.0/24 subnet. So basically the traffic is only going in one
> direction. The rules on the Sonicwall allow all the traffic from
> 1.0/24 to go to 0.0/24, but that still doesn't work.
> Do I have to add static routes in order for this to work? Any help and
> suggestion is appreciated.