Re: [leaf-user] VPN local to remote-dmz

Sat, 31 May 2003 02:15:01 -0700

On Fri, 30 May 2003 08:21:00 -0700, M Lu <[EMAIL PROTECTED]> wrote:

Thanks a lot, Tom.

- The 2 subnet-subnet tunnels work perfectly following your instructions.

- Now if I would like to add a road-warrior, could I just expand your
instructions further as follow?

In /etc/shorewall/zones I have

vpn           VPN               VPN local-network
vpn2         VPN2             VPN dmz-network
vpnRW     VPNRW         VPN for Road Warrior

In /etc/shorewall/tunnels

ipsec net 0.0.0.0/0 vpn,vpn2,vpnRW

In /etc/shorewall/interfaces

- ipsec0

and /etc/shorewall/hosts

vpn         ipsec0:<his-local-subnet>
vpn2       ipsec0:<his-dmz-subnet>
vpnRW   ipsec0:0.0.0.0/0

and allow vpnRW and my-local to access each other in /etc/shorewall/policy

vpnRW  loc           ACCEPT
loc         vpnRW    ACCEPT


Should work.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ [EMAIL PROTECTED]



-------------------------------------------------------
This SF.net email is sponsored by: eBay
Get office equipment for less on eBay!
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Reply via email to