Hi Tom,

The new single added Road-Warrior works. If I add another Road-Warrior, say
'vpnRW2', I think I need to again declare it in /etc/shorewall/hosts as
below, correct?

 > and /etc/shorewall/hosts
 >
 > vpn         ipsec0:<his-local-subnet>
 > vpn2       ipsec0:<his-dmz-subnet>
 > vpnRW   ipsec0:0.0.0.0/0
    vpnRW2 ipsec0:0.0.0.0/0      <<--------   additional Road-Warrior

Thank you.

M Lu.


----- Original Message ----- 
From: "Tom Eastep" <[EMAIL PROTECTED]>
To: "M Lu" <[EMAIL PROTECTED]>
Cc: "LEAF user list" <[EMAIL PROTECTED]>
Sent: Friday, May 30, 2003 8:51 AM
Subject: Re: [leaf-user] VPN local to remote-dmz


> On Fri, 30 May 2003 08:21:00 -0700, M  Lu <[EMAIL PROTECTED]> wrote:
>
> > Thanks a lot, Tom.
> >
> > - The 2 subnet-subnet tunnels work perfectly following your instructions.
> >
> > - Now if I would like to add a road-warrior, could I just expand your
> > instructions further as follows?
> >
> > In /etc/shorewall/zones I have
> >
> > vpn           VPN               VPN local-network
> > vpn2         VPN2             VPN dmz-network
> > vpnRW     VPNRW         VPN for Road Warrior
> >
> > In /etc/shorewall/tunnels
> >
> > ipsec   net     0.0.0.0/0   vpn,vpn2,vpnRW
> >
> > In /etc/shorewall/interfaces
> >
> > -   ipsec0
> >
> > and /etc/shorewall/hosts
> >
> > vpn         ipsec0:<his-local-subnet>
> > vpn2       ipsec0:<his-dmz-subnet>
> > vpnRW   ipsec0:0.0.0.0/0
> >
> > and allow vpnRW and my-local to access each other in
> > /etc/shorewall/policy
> >
> > vpnRW  loc           ACCEPT
> > loc         vpnRW    ACCEPT
> >
>
> Should work.
>
> -Tom
> -- 
> Tom Eastep    \ Shorewall - iptables made easy
> Shoreline,     \ http://www.shorewall.net
> Washington USA  \ [EMAIL PROTECTED]
>
>
>
> ------------------------------------------------------------------------
> leaf-user mailing list: [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
>
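
Added example (not part of the thread): a small Python check over the /etc/shorewall/hosts entries discussed above, listing which zones on the same interface cover identical or nested address ranges. The two private subnets are constructed stand-ins for the elided `<his-local-subnet>` and `<his-dmz-subnet>`, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the hosts entries from the thread, with the elided
# subnets replaced by made-up private ranges (assumptions, not thread values).
HOSTS = """\
vpn     ipsec0:192.168.10.0/24
vpn2    ipsec0:192.168.20.0/24
vpnRW   ipsec0:0.0.0.0/0
vpnRW2  ipsec0:0.0.0.0/0
"""

def parse_hosts(text):
    """Return [(zone, interface, network)] from 'zone interface:net[,net]' lines."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        zone, spec = line.split()[:2]
        iface, _, nets = spec.partition(":")
        for net in nets.split(","):
            entries.append((zone, iface, ipaddress.ip_network(net, strict=False)))
    return entries

def overlaps(entries):
    """List zone pairs on one interface whose ranges overlap.

    Returns (a, b, "identical") or (inner, outer, "nested") tuples.
    """
    found = []
    for i, (za, ia, na) in enumerate(entries):
        for zb, ib, nb in entries[i + 1:]:
            if ia != ib or za == zb or not na.overlaps(nb):
                continue
            if na == nb:
                found.append((za, zb, "identical"))
            elif na.subnet_of(nb):
                found.append((za, zb, "nested"))
            else:                               # CIDR overlap: nb lies inside na
                found.append((zb, za, "nested"))
    return found

if __name__ == "__main__":
    for a, b, kind in overlaps(parse_hosts(HOSTS)):
        print(f"{kind:9} {a} / {b}")
```

An "identical" result means two zones are defined by the same interface and the same address range, so the source address alone cannot tell their traffic apart.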

