What I am trying to configure is to allow a separate remote user pool to access a Zywall appliance behind the admx zone. It doesn't appear that I can create a One-to-one NAT to this Zywall appliance as IKE phase 2 fails when I do this.
I have read the documentation. Obviously I am missing something. How do I configure the tunnel and NAT? Or is there a better way to expose the Zywall appliance? Thank you My configuration files are as follows: ------- interfaces ------------ net eth0 dhcp,tcpflags,nosmurfs,routefilter,sourceroute=0,blacklist loc eth1 tcpflags,nosmurfs,routefilter l2tp ppp+ cpp eth2 dc1 eth3 admx eth4 ovpn tun+ zones ------------- fw firewall net ipv4 vpn ipsec l2tp ipv4 loc ipv4 cpp ipv4 dc1 ipv4 admx ipv4 ovpn ipv4 tunnel ------------ ipsec net 0.0.0.0/0 vpn openvpnserver:tcp:443 net 0.0.0.0/0 On Fri, Jun 5, 2015 at 8:31 AM, Tom Eastep <[email protected]> wrote: > On 6/4/2015 1:11 PM, Chop Wow wrote: > > Hi All, > > > > I have Libreswan/Xl2tpd IPSec/L2TP VPN running on the firewall appliance. > > As such I have the zones/interfaces/tunnel (see below) and standard > > rules associated with the VPN. > > > > A user in the admx zone has acquired a hardware stack that requires > > IPSEC/L2tp connection to connect to it. It has its own VPN/router. > > > > Can I define a second passthrough IPSEC tunnel to the user hardware > > and not affect my existing VPN on the Shorewall appliance? > > > Sure. > > -Tom > > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ > > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > Shorewall-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/shorewall-users > >
------------------------------------------------------------------------------
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
