First of all, it's very confusing that your tunnel dst and src on the Cisco are RFC1918 addresses. Those addresses are not routed within the bubble which is commonly known as the public internet. Don't mix those addresses up with your subnets considered to be routed WITHIN the tunnel itself. The tunnel src and dst are just outside the tunnel, to finally link two GRE interfaces together, in your case the loopback on the Cisco and an IP on Shorewall. On Shorewall you don't have to set up a loopback; you can just use an interface's native IP and this will be your tunnel endpoint on Shorewall.

GRE on Shorewall is described here (it may help you as well): http://www.shorewall.net/IPIP.htm

If your question is not how to establish a loopback on Shorewall but how to tell Shorewall that the Cisco's loopback should be used as the other endpoint of the tunnel, the answer is very simple. Just tell Shorewall the IP of the loopback as its tunnel destination and that's it. Shorewall ofc doesn't care whether it's a virtual or physical IP on the other side; it's just routing, nothing else.

I hope I was able to help a bit.

Cheers
Michael

-----Original Message-----
From: Jesse L. Zamora [mailto:[email protected]]
Sent: Friday, 25 March 2011 13:34
To: [email protected]
Subject: [Shorewall-users] Interfacing with Cisco GRE & IPSEC

Hello,

We have been trying to configure a GRE/IPSEC tunnel between our Fedora 11 firewall (with Shorewall 4.2 and ipsec-tools 0.7.2) and a Cisco firewall. Please note that the use of GRE is NOT optional in our case. I know some might suggest using some other type of VPN configuration, but we are interfacing with a Cisco firewall belonging to a corporation in Latin America, so we need to use GRE with IPSEC.

First, let me tell you a little about our network. The internal subnet of our network is 172.27.12.0/24, and the internal subnet of the remote network (with the Cisco firewall) is 172.16.184.0/21.

The most difficult thing for me to understand is the following. This is from the Cisco FW:

    Interface loopbackX
     Ip address 10.216.91.168 255.255.255.255
    interface TunnelX
     description TUNEL-GRE
     ip address 172.16.184.1 255.255.248.0
     tunnel source LoopbackX
     tunnel destination 10.15.25.225
    end

My question is relatively simple: how do I configure the loopback address 10.15.25.225/32 into Shorewall in order to connect with this Cisco FW? How can I configure Shorewall so that the tunnel source is 10.15.25.225/32 and the tunnel destination is 10.216.91.168/32?

So here's the final question:

*** How do I configure Shorewall to use loopback addresses with GRE as in the above Cisco configuration example? ***

Thanks for any assistance you can provide!

Many thanks,
Jesse L. Zamora

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
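
Added example, not part of the original thread or of Shorewall's documentation: a script that prints (without executing) Linux-side commands mirroring the Cisco TunnelX configuration quoted above, with the two addresses swapped, plus a matching /etc/shorewall/tunnels entry. The interface name gre1, placing the /32 on lo, and the zone "net" are assumptions; the IPsec policy between the two endpoint addresses is not shown.

```shell
#!/bin/sh
# Added example: renders a GRE plan for review; nothing here changes the system.
# Assumptions (not from the thread): device name gre1, Shorewall zone "net".

is_ipv4() {
    # True only for a dotted quad whose four octets are each 0-255.
    echo "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++)
                      if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
                  exit 0 }
        { exit 1 }'
}

gre_plan() {
    # $1 local tunnel endpoint, $2 remote tunnel endpoint,
    # $3 remote subnet routed inside the tunnel, $4 optional device name
    local_ep=$1; remote_ep=$2; remote_net=$3; dev=${4:-gre1}

    is_ipv4 "$local_ep"  || { echo "bad local endpoint: $local_ep" >&2; return 1; }
    is_ipv4 "$remote_ep" || { echo "bad remote endpoint: $remote_ep" >&2; return 1; }
    # A tunnel whose source equals its destination can never come up.
    [ "$local_ep" != "$remote_ep" ] || { echo "endpoints must differ" >&2; return 1; }

    cat <<EOF
# Local endpoint as a /32 on lo (Linux counterpart of Cisco LoopbackX)
ip addr add $local_ep/32 dev lo
# Mirror of "tunnel source" / "tunnel destination" with the roles swapped
ip tunnel add $dev mode gre local $local_ep remote $remote_ep ttl 255
ip link set $dev up
# Remote internal subnet is reached through the tunnel, not around it
ip route add $remote_net dev $dev
# /etc/shorewall/tunnels entry (TYPE ZONE GATEWAY): allow protocol 47 to the peer
gre net $remote_ep
EOF
}

# Addresses taken from the thread: local 10.15.25.225, Cisco loopback 10.216.91.168
gre_plan 10.15.25.225 10.216.91.168 172.16.184.0/21
```

Review the printed plan before running any of it as root; the last line belongs in /etc/shorewall/tunnels, not on the command line.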
