- Original Message -
From: Brent Wiese [EMAIL PROTECTED]
To: 'Micheal Patterson' [EMAIL PROTECTED];
[EMAIL PROTECTED]
Sent: Tuesday, October 28, 2003 5:25 PM
Subject: RE: IPSEC tunnel issue..
Here's my situation.
I've got 2 networks at different facilities that are using
public routable
IP's. Each end has a fbsd box in bridge mode as their
firewall between the
lan and the cisco routers at each end. I've been tasked to establish a
secure tunnel between these two networks and I'm having some
trouble. I've
searched google for ipsec information on this but every thing
that I have
found depicts a private lan behind the public ip's of the
tunnel endpoints.
Has anyone been able to establish this type of tunnel
successfully? If so,
can you please direct me to some information on this?
So if I understand correctly, you're running the FreeBSD firewall in
transparent mode? Hosts behind the firewall use public addresses on the
same subnet as the firewall public?
I think you may need to switch to NAT mode so you're running a
non-net-routeable (private) LAN. You can always stack more public Ips on
the
firewall and port forward.
Or, if you run a routing daemon and have all your hosts point to it as the
default gateway, build the tunnel and route anything that isn't through
the
tunnel at your real gateway.
Or, build the tunnel and add routes to all the hosts specifing the FreeBSD
box as the gateway for the remote network. This can be a pain to admin
long
term, but if, for instance, you run a Windows domain, you can run a route
add batch file when users log into the network.
Brent
Yea, the firewalls are in bridge mode, dual nic'd. What we've decided to do
for this is to just subnet out the ip ranges that the circuits have been
assigned. That way, we'll have a routable subnet between the router
firewall, and a routable subnet behind the firewall with it acting as the
lan gateway and take it out of bridge mode.
--
Micheal Patterson
Network Administration
Cancer Care Network
405-917-0600
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]