 
 From:  Tècnica de Sistemes Cal Peles <tech at tscp dot info>
 To:  "'Max Cristin'" <max dot cristin at rogers dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] IPsec and routing question
 Date:  Sat, 3 Feb 2007 11:16:45 +0100
Sorry, but with the standard OS, I mean it's not possible. I only did this
on the enhanced OS with 1260 and 4060.
______________________________________________
Jan Arbona


www.tscp.info

-----Original Message-----
From: Max Cristin [mailto:max dot cristin at rogers dot com]
Sent: Friday, 02 February 2007 16:40
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] IPsec and routing question

I have set up an IPSec tunnel between M0n0 1.3b3 and Sonicwall PRO 2040:

192.168.0.0/24 -> Sonicwall (xxx.xxx.xxx.xxx) -> Internet <- M0n0
(yyy.yyy.yyy.yyy) <- 192.168.1.0/24

I first terminated the tunnel at both LANs and traffic was going back and
forth without any problem on either side. That was good, but I needed to
limit access to the 1.0/24 subnet to just a few specific hosts on the 0.0/24
subnet.

Because of limitations of the Standard version of SonicOS, Sonicwall support
told me that it could be done only if I terminate the tunnel at the
Sonicwall WAN instead of the LAN and then add firewall rules on the
Sonicwall to allow or deny specific traffic.

I did that and now on the M0n0wall side the tunnel is terminated at the LAN
(192.168.1.0/24) while at the Sonicwall side the tunnel is terminated at the
WAN (xxx.xxx.xxx.xxx). After I added the rules on the Sonicwall to allow
only specific hosts to access the 1.0/24 subnet I'm able to communicate in
that direction.

The problem now is that nobody in the 1.0/24 subnet can reach the 0.0/24
subnet. So basically the traffic is only going in one direction. The rules
on the Sonicwall allow all the traffic from 1.0/24 to go to 0.0/24, but that
still doesn't work.

Do I have to add static routes in order for this to work? Any help and
suggestions are appreciated.

Thanks.

Max
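Added example, not from this thread nor m0n0wall or SonicOS code: a small model of IPsec phase 2 selector matching for the two setups described above. It assumes the m0n0wall's remote network mirrors the Sonicwall's selector, uses 203.0.113.1 as a constructed stand-in for xxx.xxx.xxx.xxx, and models selectors only, not any address translation a gateway may apply before encryption. It shows that once one end of the selector is a single WAN address, a packet from 1.0/24 addressed to a 0.0/24 host matches no selector on either side and is never tunneled, which is worth confirming before adding routes.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Phase2:
    """One peer's phase 2 traffic selector: packets local -> remote are tunneled."""
    peer: str
    local: ipaddress.IPv4Network
    remote: ipaddress.IPv4Network


def net(s: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(s)


def covers(sa: Phase2, src: str, dst: str) -> bool:
    """True if this peer would send a src -> dst packet into its tunnel."""
    return ipaddress.ip_address(src) in sa.local and ipaddress.ip_address(dst) in sa.remote


def flow_ok(sender: Phase2, receiver: Phase2, src: str, dst: str) -> bool:
    """End to end, a flow needs the sender's selector to cover src -> dst and the
    receiver's selector to cover the mirrored pair; otherwise it is not tunneled."""
    return covers(sender, src, dst) and covers(receiver, dst, src)


# Setup 1 from the thread: both peers terminate at their LAN (mirrored selectors).
M0N0_LAN = Phase2("m0n0wall", net("192.168.1.0/24"), net("192.168.0.0/24"))
SONIC_LAN = Phase2("sonicwall", net("192.168.0.0/24"), net("192.168.1.0/24"))

# Setup 2: the Sonicwall side of the selector is its single WAN address.
# 203.0.113.1 is a constructed stand-in for xxx.xxx.xxx.xxx, and the m0n0wall
# remote network is assumed to mirror it (an assumption, not stated in the thread).
SONIC_WAN_IP = "203.0.113.1"
SONIC_WAN = Phase2("sonicwall", net(SONIC_WAN_IP + "/32"), net("192.168.1.0/24"))
M0N0_TO_WAN = Phase2("m0n0wall", net("192.168.1.0/24"), net(SONIC_WAN_IP + "/32"))


def report(m0n0: Phase2, sonic: Phase2) -> dict:
    """Which of the flows the thread describes can traverse a pair of selectors."""
    return {
        "0.0/24 host -> 1.0/24": flow_ok(sonic, m0n0, "192.168.0.10", "192.168.1.20"),
        "sonic WAN -> 1.0/24": flow_ok(sonic, m0n0, SONIC_WAN_IP, "192.168.1.20"),
        "1.0/24 -> 0.0/24 host": flow_ok(m0n0, sonic, "192.168.1.20", "192.168.0.10"),
        "1.0/24 -> sonic WAN": flow_ok(m0n0, sonic, "192.168.1.20", SONIC_WAN_IP),
    }


if __name__ == "__main__":
    print("both LAN :", report(M0N0_LAN, SONIC_LAN))
    print("sonic WAN:", report(M0N0_TO_WAN, SONIC_WAN))
```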

---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch