Thank you for the reply.

After more testing I came to the conclusion that there is no other way around it. M0n0 has no way to know how to route to the other LAN, obviously. I might end up putting another M0n0 box in front of the Sonicwall. Much cheaper than paying them an extra $600 to get "optional" features that come standard on $30 Linksys routers.

Max

Mark Rinaudo wrote:
> Max,
>
> It sounds like the sonic wall will either allow you to do all LAN <-->
> LAN or, if you need to restrict it to a single host, then it requires you
> to do a LAN <--> WAN address and then do NAT from the WAN to your
> private side, allowing you to block/allow access to a particular host.
> So from your mono wall side you'll access the WAN address instead of
> the private addresses. Sounds like the Sonicwall is severely limiting
> you. If I were you I would just replace the Sonicwall with another
> m0n0wall.
>
> Mark
>
> Max Cristin wrote:
>
> > I have set up an IPSec tunnel between M0n0 1.3b3 and Sonicwall PRO 2040:
> >
> > 192.168.0.0/24 -> Sonicwall (xxx.xxx.xxx.xxx) -> Internet <- M0n0
> > (yyy.yyy.yyy.yyy) <- 192.168.1.0/24
> >
> > I first terminated the tunnel at both LANs and traffic was going back
> > and forth without any problem on either side. That was good, but I
> > needed to limit access to the 1.0/24 subnet to just a few specific hosts
> > on the 0.0/24 subnet.
> >
> > Because of a limitation of the Standard version of SonicOS, Sonicwall
> > support told me that it could be done only if I terminate the tunnel
> > at the Sonicwall WAN instead of the LAN and then add firewall rules on
> > the Sonicwall to allow or deny specific traffic.
> >
> > I did that and now on the M0n0wall side the tunnel is terminated at
> > the LAN (192.168.1.0/24) while at the Sonicwall side the tunnel is
> > terminated at the WAN (xxx.xxx.xxx.xxx). After I added the rules on
> > the Sonicwall to allow only specific hosts to access the 1.0/24 subnet
> > I'm able to communicate in that direction.
> >
> > The problem now is that nobody in the 1.0/24 subnet can reach the
> > 0.0/24 subnet. So basically the traffic is only going in one
> > direction. The rules on the Sonicwall allow all the traffic from
> > 1.0/24 to go to 0.0/24, but that still doesn't work.
> >
> > Do I have to add static routes in order for this to work? Any help and
> > suggestions are appreciated.
> >
> > Thanks.
> >
> > Max
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
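
The one-way behaviour discussed in this thread, modelled as an added example (not code from the posters or from m0n0wall): a policy-based IPsec endpoint tunnels only packets whose source and destination both match a phase 2 selector pair. The function names, the sample hosts and the 203.0.113.10 placeholder for the elided Sonicwall WAN address are assumptions, as is the reading that the m0n0wall's remote selector in the second setup is that single WAN address.

```python
import ipaddress as ip

# Constructed placeholder (RFC 5737 documentation range) for the Sonicwall
# WAN address, which the post elides as xxx.xxx.xxx.xxx.
SONICWALL_WAN = "203.0.113.10"
RFC1918 = [ip.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def outbound_action(selectors, src, dst):
    """Decide what a policy-based IPsec endpoint does with a packet.

    selectors: list of (local_net, remote_net) phase 2 pairs.
    Returns "tunnel", "dropped-upstream" or "cleartext".
    """
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for local, remote in selectors:
        if s in ip.ip_network(local) and d in ip.ip_network(remote):
            return "tunnel"          # matches a selector pair: encrypted
    # No selector matched, so the packet follows the default route.
    if any(d in net for net in RFC1918):
        return "dropped-upstream"    # private destination, not routable on the Internet
    return "cleartext"

# m0n0wall side, first setup in the thread: LAN <--> LAN
LAN_TO_LAN = [("192.168.1.0/24", "192.168.0.0/24")]
# m0n0wall side, second setup: local LAN <--> Sonicwall WAN address
LAN_TO_WAN = [("192.168.1.0/24", SONICWALL_WAN + "/32")]

def report():
    host, peer = "192.168.1.50", "192.168.0.5"   # constructed sample hosts
    return {
        "lan-lan, to private host": outbound_action(LAN_TO_LAN, host, peer),
        "lan-wan, to private host": outbound_action(LAN_TO_WAN, host, peer),
        "lan-wan, to WAN address": outbound_action(LAN_TO_WAN, host, SONICWALL_WAN),
    }

if __name__ == "__main__":
    for case, action in report().items():
        print(f"{case:26} -> {action}")
```

The third case corresponds to the suggestion in the reply: address the Sonicwall WAN from the m0n0wall side and let the Sonicwall NAT to the private host.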