I have workstations and a server running Solaris 10 Update 4 with Trusted Extensions. The server has multiple NICs, one connected to the Solaris workstations and the other connected to non-CIPSO systems. The Solaris systems are configured with Trusted Extensions and use CIPSO.
I have tested networking between all the systems, including from the Solaris workstations using CIPSO through the Solaris 10 server with multiple NICs to the non-CIPSO systems, and it works perfectly. When I configure the Solaris workstations and server with IPSec, communication to the non-CIPSO systems stops. I believe the issue might be that the server is in transport mode and needs to be in tunnel mode. I have tried with IP forwarding enabled and disabled.

My goal is to have the Solaris system communicate using IPSec & CIPSO, and to have the Solaris server remove IPSec and CIPSO as it routes traffic from the workstations to the non-CIPSO systems. Currently I have several labeled zones on the workstation and server using the all-zones interface listed in the diagram below. Everything works until I use IPSec.

I am currently looking over the IP Services PDF 816-4554. If anyone knows of other documentation that would be helpful, please let me know.

Solaris workstation
192.168.1.2 all-zones
        |
        |
192.168.1.1 all-zones
Solaris Server with multiple NICs
192.168.2.1 all-zones
        |
        |
192.168.2.2
NON-CIPSO System

Any help would be appreciated.

Elijah

This message posted from opensolaris.org