this is pretty much unreadable, use a reliable mail client if you're
posting ascii-art and keep it to <75 columns or so.

also your obfuscated IP addresses make it impossible to tell which
addresses are "real" internet-routable addresses and which if any
are rfc1918/rfc6598, and whether there's any NAT in place or not.


On 2012-05-03, powell murlene <[email protected]> wrote:
> network topology
>
>
>        home network                              remote network
>
>                                  ##########
>   3.3.3.3      1.1.1.1       #            #     2.2.2.2      4.4.4.4
> ---- router_a --------------#  internet  #-------------- router_b ----
>   |                           #            #                       |
>   |                             ##########                         |
> 3.3.3.2                                                         4.4.4.2
>   |                                                                |
> firewall_a                                                    firewall_b
>   |                                                                |
> 5.5.5.4                                                         7.7.7.4
>   |                                                                |
> network_a                                                      network_b
> 5.5.5.0/24                                                    7.7.7.0/24
>
>
>
> ----------------------------------------------------------------------
>
> network_a
>
> home network = 5.5.5.0/24
> firewall dual homed
>       network facing static nic address = 5.5.5.4
>       virgin media router facing static nic address = 3.3.3.2
> virgin media router static address = 3.3.3.3
> virgin media dynamic wan address = 1.1.1.1
>
>
> network_b
>
> remote network = 7.7.7.0/24
> firewall dual homed
>       network facing static nic address = 7.7.7.4
>       virgin media router facing static nic address = 4.4.4.2
> virgin media router static address = 4.4.4.4
> virgin media dynamic wan address = 2.2.2.2
>
> both firewalls run ipsec
> both routers configured for vpn passthrough
> --------------
>
>
> network_a ipsec.conf
>
> # Macros
> local_gw    = "local_addr"    # External interface
>
> local_net   = "5.5.5.0/24"      # Local private network
> remote_gw   = "remote_addr"   # Remote IPsec gateway
> remote_nets = "7.7.7.0/24"    # Remote private networks
>
> # Set up the VPN between the gateway machines
> ike esp from $local_gw to $remote_gw
> # Between local gateway and remote networks
> ike esp from $local_gw to $remote_nets peer $remote_gw
> # Between the networks
> ike esp from $local_net to $remote_nets peer $remote_gw
>
> -------------------
>
> Q1: for my local_gw is local_addr 3.3.3.2 or 3.3.3.3 or 1.1.1.1
> Q2: for my remote_gw is remote_addr 2.2.2.2 or 4.4.4.4 or 4.4.4.2
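A check for the point the reply raises, added here as an example and not part of either message: classify each address as RFC 1918, RFC 6598 or routable, then infer from the router's two sides whether NAT must be in place. Fed the addresses as posted it finds no NAT at either site, which is exactly why the reply cannot say where the IKE endpoints are; the 192.168.100.x variant is a constructed assumption, not from the post.

```python
import ipaddress

# Ranges the reply asks about: RFC 1918 private space and the RFC 6598
# shared address space ISPs use for carrier-grade NAT.
NON_ROUTABLE = {
    "rfc1918": [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")],
    "rfc6598": [ipaddress.ip_network("100.64.0.0/10")],
}


def classify(addr):
    """Return 'rfc1918', 'rfc6598' or 'routable' for an IPv4 address string."""
    ip = ipaddress.ip_address(addr)
    for label, nets in NON_ROUTABLE.items():
        if any(ip in net for net in nets):
            return label
    return "routable"  # nothing matched: treat as internet-routable


def nat_implied(inside_addr, wan_addr):
    """A router whose LAN side is non-routable but whose WAN side is routable
    is translating, so the firewall behind it is not the public IKE endpoint."""
    return (classify(inside_addr) != "routable"
            and classify(wan_addr) == "routable")


def audit_site(name, fw_ext, router_lan, router_wan):
    """Summarise one site: firewall external NIC (the firewall's own IKE
    address), router LAN address, ISP-assigned router WAN address."""
    return {
        "site": name,
        "fw_ext": classify(fw_ext),
        "router_lan": classify(router_lan),
        "router_wan": classify(router_wan),
        "nat": nat_implied(fw_ext, router_wan),
    }


# Addresses exactly as given in the post: all fall outside RFC 1918 and
# RFC 6598, so the check concludes there is no NAT at either site.
AS_POSTED = [
    audit_site("network_a", "3.3.3.2", "3.3.3.3", "1.1.1.1"),
    audit_site("network_b", "4.4.4.2", "4.4.4.4", "2.2.2.2"),
]

# Constructed, un-obfuscated variant (assumption): firewall and router LAN
# side in RFC 1918 space, a routable WAN address from the ISP.
REALISTIC = audit_site("network_a", "192.168.100.2", "192.168.100.1", "1.1.1.1")

if __name__ == "__main__":
    for row in AS_POSTED + [REALISTIC]:
        print(row)
```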
