Thank you Tom,

It seems straightforward to add another connection (my-local - his-dmz) in 'ipsec.conf', but I do not know how to add another zone and associate it in '/etc/shorewall/interfaces'. Say I have a second zone in '/etc/shorewall/zones'

    vpn     VPN     VPN local-network
    vpn2    VPN2    VPN dmz-network

and in '/etc/shorewall/tunnels' I have

    ipsec   net     remote-IP       vpn,vpn2

How do I represent them in '/etc/shorewall/interfaces' so that I can later have a policy to allow 'vpn2' to 'dmz', but not the other way?

Also, is it possible for me to add a Road Warrior (again I need to access local and dmz) and have them coexist with the permanent subnet-subnet? In that case, how does Shorewall know which zone is permanent and which zone will be up and down?

M Lu.

----- Original Message -----
From: "Tom Eastep" <[EMAIL PROTECTED]>
To: "M Lu" <[EMAIL PROTECTED]>
Cc: "LEAF user list" <[EMAIL PROTECTED]>
Sent: Tuesday, May 27, 2003 8:47 AM
Subject: Re: [leaf-user] VPN local to remote-dmz

> On Fri, 23 May 2003 13:08:37 -0700, M Lu <[EMAIL PROTECTED]> wrote:
>
> > Hi,
> >
> > My friend and I both use Bering router 1.1. I have a VPN subnet-subnet
> > from my local-subnet (192.168.9.x) to his local-subnet (192.168.5.x).
> > He has a DMZ (192.168.2.x) and if I want to access his DMZ from my
> > local-subnet, how should I go about it?
> >
>
> You will have to set up a separate subnet-subnet tunnel.
>
> -Tom
> --
> Tom Eastep    \ Shorewall - iptables made easy
> Shoreline,     \ http://www.shorewall.net
> Washington USA  \ [EMAIL PROTECTED]

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html