Tom,
Thanks for your help. I manage do configure IPSec connection through
firewall using the rules specified at http://www.shorewall.net/VPN.htm with
nat transversal.
Now, my only problem is using shorewall on the VPN Server. The rules I
mentioned before are correct?
RULES
DNAT all net:192.168.1.xxx udp 2000
DNAT all net:192.168.1.xxx udp 2010
DNAT all net:192.168.1.xxx tcp 2004
I need to nat specific packages coming from VPN connection to another two
servers. This servers needs to respond this packages using the ipsec tunnel.
João
2009/6/10 Tom Eastep <teas...@shorewall.net>
> João Kuchnier wrote:
> > Hi everyone!
> >
> > First of all, sorry about my bad English and the e-mails extension.
> >
> > I need some help to implement a VPN connection using shorewall and
> > openswan as IPSec Tunnel.
> >
> > My network map:
> >
> > CLIENT VPN APPLIANCE --> +++INTERNET+++ --> FIREWALL --> OPENSWAN SERVER
> > (DMZ)
> >
> > I have two VPN connections with two different subnets to the other end.
> > The two of then are correctly established.
> >
> > One of my doubts is how to configure the hosts, tunnels and zones stuff
> > linking to the VPN server on DMZ
>
> You don't. You only need to worry about those when the IPSEC endpoint is
> on the firewall. What you want is described at
> http://www.shorewall.net/VPN.htm.
>
> -Tom
> --
> Tom Eastep \ When I die, I want to go like my Grandfather who
> Shoreline, \ died peacefully in his sleep. Not screaming like
> Washington, USA \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
>
>
> ------------------------------------------------------------------------------
> Crystal Reports - New Free Runtime and 30 Day Trial
> Check out the new simplified licensing option that enables unlimited
> royalty-free distribution of the report engine for externally facing
> server and web deployment.
> http://p.sf.net/sfu/businessobjects
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing
server and web deployment.
http://p.sf.net/sfu/businessobjects
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
