[ previous ] [ next ] [ threads ]
 From:  =?iso-8859-1?Q?T=E8cnica_de_Sistemes_Cal_Peles?= <tech at tscp dot info>
 To:  "'Max Cristin'" <max dot cristin at rogers dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] IPsec and routing question
 Date:  Sat, 3 Feb 2007 11:16:45 +0100
Sorry, but with the standard os, I means it's not possible. I only made this
on enhanced os with 1260 and 4060. 

Jan Arbona
Tècnica de Sistemes Cal Peles
Camí Vell de l'Església 41, Sispony AD400

-----Mensaje original-----
De: Max Cristin [mailto:max dot cristin at rogers dot com] 
Enviado el: viernes, 02 de febrero de 2007 16:40
Para: m0n0wall at lists dot m0n0 dot ch
Asunto: [m0n0wall] IPsec and routing question

I have setup an IPSec tunnel between M0n0 1.3b3 and Sonicwall PRO 2040: -> Sonicwall (xxx.xxx.xxx.xxx) -> Internet <- M0n0
(yyy.yyy.yyy.yyy) <-

I first terminated the tunnel at both LAN's and traffic was going back and
forth without any problem on either side. That was good, but I needed to
limit access to the 1.0/24 subnet to just few specific hosts on the 0.0/24

Because of limitation of the Standard version of SonicOS, Sonicwall support
told me that it could be done only if I terminate the tunnel at the
Sonicwall WAN instead of the LAN and then add firewall rules on the
Sonicwall to allow or deny specific traffic.

I did that and now on the M0n0wall side the tunnel is terminated at the LAN
( while at the Sonicwall side the tunnel is terminated at the
WAN (xxx.xxx.xxx.xxx). After I added the rules on the sonicwall to allow
only specific hosts to access the 1.0/24 subnet I'm able to communicate on
that direction.

The problem now is that nobody in the 1.0/24 subnet can reach the 0.0/24
subnet. So basically the traffic is only going in one direction. The rules
on the Sonicwall allow all the traffic from 1.0/24 to go to 0.0/24, but that
still doesn't work.

Do I have to add static routes in order for this to work? Any help and
suggestion is appreciated.



To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch