> I'm running Eigerstein. I want to switch over to Dachstein at some point.
> I want to have a firewall that Masquerades public IPs but does not Masquerade
> IPSec (VPN).
> I thought this couldn't be done based on previous postings.
> This posting implies (I think) that the restrictions apply only within IPSec
> (VPN).
> Is this true?
>
> 192.168.2.0\24 -- LRP -- Pub IPs ------- Pub IPs - LRP - 192.168.3.0\24
>                                          Pub IPs - LRP - 192.168.4.0\24
>
> Can Dachstein route between the 192.168.*.* and masquerade for everything else?
> I actually want to have four separate sites use LRP, all having VPN access
> to/from 192.168.2.0\24. Two sites also need to provide server port forwarding.

You can set up a network like the above using IPSec running on the firewalls...that's kind of the whole concept of a VPN. The one thing to watch when setting up your network is to make sure your private network is routable (i.e. don't overlap IP space...you've got a separate /24 network for each endpoint, which *is* routable, so you're OK).

If you want to set this up, I recommend using Pentium class machines (you'll need a bit of extra CPU for encryption) with 32 Meg, and the CD-ROM version of Dachstein...I've got a whole network of these systems (P133's with SDRAM and PCI NIC's) linking various remote sites to the 'net via masquerading, and to each other via VPN.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
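
Added example, not part of the original thread and not Dachstein or LEAF code: a small planning check for the layout discussed above. It verifies that the private networks do not overlap and shows which destinations a site firewall would send through the VPN and which it would masquerade. The site names and the assumption that every site tunnels to every other site are hypothetical; the subnets are the ones from the diagram in the question.

```python
import ipaddress
from itertools import combinations

# LANs taken from the diagram in the question; the site names are
# hypothetical labels added for this example.
SITES = {
    "hub": "192.168.2.0/24",
    "site-b": "192.168.3.0/24",
    "site-c": "192.168.4.0/24",
}


def find_overlaps(sites):
    """Return sorted pairs of site names whose private networks overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    return [
        (a, b)
        for a, b in combinations(sorted(nets), 2)
        if nets[a].overlaps(nets[b])
    ]


def classify(sites, local, dst):
    """Decide how the firewall at site `local` treats a packet to `dst`.

    Returns "local" (stays on the LAN), "tunnel:<site>" (goes through the
    VPN without masquerading) or "masquerade" (everything else).
    Assumption: every site has a tunnel to every other site.
    """
    overlaps = find_overlaps(sites)
    if overlaps:
        # Overlapping address space cannot be routed between the endpoints.
        raise ValueError(f"overlapping private networks: {overlaps}")
    addr = ipaddress.ip_address(dst)
    for name, cidr in sites.items():
        if addr in ipaddress.ip_network(cidr):
            return "local" if name == local else f"tunnel:{name}"
    return "masquerade"


if __name__ == "__main__":
    # 198.51.100.7 is a documentation address standing in for an Internet host.
    for dst in ("192.168.2.20", "192.168.3.10", "198.51.100.7"):
        print(dst, "->", classify(SITES, "hub", dst))
```
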
