RE: IPSEC tunnel issue..

2003-10-28 Thread Brent Wiese

> Here's my situation.
>
> I've got 2 networks at different facilities that are using public routable
> IPs. Each end has a fbsd box in bridge mode as their firewall between the
> LAN and the Cisco routers at each end. I've been tasked to establish a
> secure tunnel between these two networks and I'm having some trouble. I've
> searched Google for IPsec information on this but everything that I have
> found depicts a private LAN behind the public IPs of the tunnel endpoints.
> Has anyone been able to establish this type of tunnel successfully? If so,
> can you please direct me to some information on this?

So if I understand correctly, you're running the FreeBSD firewall in
transparent mode? Hosts behind the firewall use public addresses on the
same subnet as the firewall's public interface?

I think you may need to switch to NAT mode so you're running a
non-net-routable (private) LAN. You can always stack more public IPs on the
firewall and port forward.

Or, if you run a routing daemon and have all your hosts point to it as the
default gateway, build the tunnel and route anything that isn't through the
tunnel at your real gateway.

Or, build the tunnel and add routes to all the hosts specifying the FreeBSD
box as the gateway for the remote network. This can be a pain to admin long
term, but if, for instance, you run a Windows domain, you can run a route
add batch file when users log into the network.

Brent


___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: IPSEC tunnel issue..

2003-10-28 Thread Micheal Patterson

----- Original Message -----
From: Brent Wiese [EMAIL PROTECTED]
To: 'Micheal Patterson' [EMAIL PROTECTED];
[EMAIL PROTECTED]
Sent: Tuesday, October 28, 2003 5:25 PM
Subject: RE: IPSEC tunnel issue..

> > Here's my situation.
> >
> > I've got 2 networks at different facilities that are using public
> > routable IPs. Each end has a fbsd box in bridge mode as their firewall
> > between the LAN and the Cisco routers at each end. I've been tasked to
> > establish a secure tunnel between these two networks and I'm having some
> > trouble. I've searched Google for IPsec information on this but
> > everything that I have found depicts a private LAN behind the public IPs
> > of the tunnel endpoints.
> > Has anyone been able to establish this type of tunnel successfully? If
> > so, can you please direct me to some information on this?
>
> So if I understand correctly, you're running the FreeBSD firewall in
> transparent mode? Hosts behind the firewall use public addresses on the
> same subnet as the firewall's public interface?
>
> I think you may need to switch to NAT mode so you're running a
> non-net-routable (private) LAN. You can always stack more public IPs on
> the firewall and port forward.
>
> Or, if you run a routing daemon and have all your hosts point to it as the
> default gateway, build the tunnel and route anything that isn't through
> the tunnel at your real gateway.
>
> Or, build the tunnel and add routes to all the hosts specifying the FreeBSD
> box as the gateway for the remote network. This can be a pain to admin
> long term, but if, for instance, you run a Windows domain, you can run a
> route add batch file when users log into the network.
>
> Brent


Yea, the firewalls are in bridge mode, dual-NIC'd. What we've decided to do
for this is to just subnet out the IP ranges that the circuits have been
assigned. That way, we'll have a routable subnet between the router and
firewall, and a routable subnet behind the firewall with it acting as the
LAN gateway and take it out of bridge mode.

--

Micheal Patterson
Network Administration
Cancer Care Network
405-917-0600
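To make the design that the thread settles on concrete, here is an added example (not code from either poster, nor from the FreeBSD project) that carves each site's assigned block into a router-to-firewall transit subnet and a LAN subnet behind the firewall, checks the two plans for overlap, emits the setkey(8) SPD entries an ESP tunnel between the two firewalls would need to carry LAN-to-LAN traffic, and produces the per-host route that Brent's login batch-file approach would add. The address blocks are constructed documentation ranges (203.0.113.0/27 and 198.51.100.0/27), not the posters' real addresses, and the split of each block (upper half as LAN, first /30 of the lower half as the transit link) is an assumed layout that the thread does not specify.

```python
import ipaddress

# Constructed example: each site's upstream circuit hands it a /27 of
# documentation space. These are not addresses from the thread.
SITE_A_BLOCK = "203.0.113.0/27"
SITE_B_BLOCK = "198.51.100.0/27"


def plan_site(assigned_block, transit_prefix=30):
    """Carve one circuit's block into a router<->firewall transit subnet and a
    LAN subnet behind the firewall, with the firewall as the LAN gateway.

    Assumed layout (not from the thread): the upper half of the block is the
    LAN, the first /30 of the lower half is the transit link, and the rest of
    the lower half is left spare.
    """
    block = ipaddress.ip_network(assigned_block, strict=True)
    lower, upper = block.subnets(prefixlen_diff=1)
    transit = next(lower.subnets(new_prefix=transit_prefix))
    transit_hosts = list(transit.hosts())
    lan_hosts = list(upper.hosts())
    return {
        "transit": transit,
        "router_ip": transit_hosts[0],        # Cisco side of the link
        "firewall_outer": transit_hosts[-1],  # FreeBSD box, tunnel endpoint
        "lan": upper,
        "firewall_inner": lan_hosts[0],       # LAN hosts' default gateway
    }


def check_plan(site_a, site_b):
    """Checks worth running before touching the firewalls: the SPD selectors
    below are keyed on the LAN subnets, so they must not overlap each other
    or the transit links."""
    problems = []
    if site_a["lan"].overlaps(site_b["lan"]):
        problems.append("LAN subnets overlap; tunnel selectors would be ambiguous")
    for site in (site_a, site_b):
        if site["transit"].overlaps(site["lan"]):
            problems.append(f"transit {site['transit']} overlaps LAN {site['lan']}")
    return problems


def setkey_policy(local, remote):
    """setkey(8) SPD entries for an ESP tunnel between the two firewalls'
    outer addresses, carrying traffic between the two LAN subnets.
    Format: spdadd SRC DST any -P DIR ipsec esp/tunnel/LOCAL-REMOTE/require;"""
    out_ep = f"{local['firewall_outer']}-{remote['firewall_outer']}"
    in_ep = f"{remote['firewall_outer']}-{local['firewall_outer']}"
    return [
        f"spdadd {local['lan']} {remote['lan']} any -P out ipsec esp/tunnel/{out_ep}/require;",
        f"spdadd {remote['lan']} {local['lan']} any -P in ipsec esp/tunnel/{in_ep}/require;",
    ]


def next_hop(dst, local, remote):
    """Which path a packet from the local LAN takes: 'local' for on-subnet
    traffic, the firewall's inner address (and hence the tunnel) for the
    remote LAN, or 'default' for ordinary Internet traffic sent in clear."""
    addr = ipaddress.ip_address(dst)
    if addr in local["lan"]:
        return "local"
    if addr in remote["lan"]:
        return str(local["firewall_inner"])
    return "default"


def route_add_batch(local, remote):
    """The Windows-style 'route add' line a login batch file would run if the
    firewall were not already the hosts' default gateway."""
    lan = remote["lan"]
    return f"route add {lan.network_address} mask {lan.netmask} {local['firewall_inner']}"


if __name__ == "__main__":
    a = plan_site(SITE_A_BLOCK)
    b = plan_site(SITE_B_BLOCK)
    print("plan checks:", check_plan(a, b) or "ok")
    for line in setkey_policy(a, b):
        print(line)
    print(route_add_batch(a, b))
```

The SPD entries only install policy; the security associations themselves come from an IKE daemon (racoon, on FreeBSD of that era) or from manual setkey `add` entries, and the firewall needs `gateway_enable="YES"` in rc.conf once it leaves bridge mode so it forwards between the LAN and the tunnel.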
