[ previous ] [ next ] [ threads ]
 
 From:  Christiaens Joachim <jchristi at oce dot be>
 To:  "'Mitch (WebCob)'" <mitch at webcob dot com>, m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] RE: Firewalling /filtering IPSec tunnels...
 Date:  Sat, 24 Apr 2004 21:22:26 +0200
> -----Original Message-----
> From: Mitch (WebCob) [mailto:mitch at webcob dot com]
> Sent: zaterdag 24 april 2004 18:40
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] RE: Firewalling /filtering IPSec tunnels...
> 
> 
> >
> >
> > I'm wondering if I need to NAT the traffic before sending it, so
> > that the remote end only see's the VPN endpoint it is aware of...
> >
> > Not sure how to glue it all together though...
> >
> > m/
> 
> Just in case it's the abscence of a picture that's keeping me 
> from finding
> an answer... ;-)
> 
> PC A ---> MONO A ---> INTERNET ---> IPSEC ---> MONO C ---> PC C
>                                                 ^
> PC B ---> MONO B ---> INTERNET ---> IPSEC ------/
> 
> So with this config, PC A can communicate with PC C acter 
> establishing an
> IPSEC tunnel.
> PC B can also see PC C after the same setup...
> 
> What I need to do is allow PC A to see PC B THROUGH MONO C - 
> like I'm trying
> to route over IPSEC.
> 
> Haven't had any luck yet...
> 
> Ideas? Is it possible?
> 
> Thanks again...

Are you able to reach m0n0 A from m0n0 B (ping) and vice-versa?

Did you try adding static routes to m0n0 A and B for PC A and PC B
(like on m0n0 B: dest=PC A gw=m0n0 A and on m0n0 A: dest=PC B gw=m0n0 B)?

Joachim


-----------------------------------------------
MISSION STATEMENT 
-----------------------------------------------

effectively by offering innovative print and document management products
and services for professional environments.

-----------------------------------------------
DISCLAIMER 
-----------------------------------------------
This e-mail message and any attachment are intended for the sole use of the
recipient(s) named above and may contain information which is confidential
and/or protected by intellectual property rights.
Any use of the information contained herein (including, but not limited to,
total or partial reproduction, communication or distribution in any form) by
other persons than the designated recipient(s) is prohibited.

If you have received this e-mail in error, please notify the sender either
by telephone (0032-2-729.48.11) or by e-mail and delete the material from
any computer.
Oce-Belgium/Oce-Interservices is nor responsible for the correct and
complete transfer of the contents of the sent e-mail, neither for the
receipt on due time.  This e-mail message does not bring about a contractual
obligation for Oce-Belgium/Oce-Interservices.

Thank you for your cooperation.

For further information about Oce-Belgium/Oce-Interservices please see our
website at www.oce.be

-----------------------------------------------