Title: Oddity with IPSec and Green/Blue Zones
Post by: trymes on Thursday 12 August 2010, 03:01:47 am

OK, so I have two IPSec tunnels on my EFW 2.4 firewall. Each goes to a different site, and none of the subnets conflict.

GREEN: 10.1.0.0/16
BLUE: 192.168.1.0/24
Tunnel #1: EFW<-->IPSec<-->Site2<-->192.168.0.1/24
Tunnel #2: EFW<-->IPSec<-->Site1<-->10.3.0.0/16

All was working fine until I added a BLUE interface on a third NIC. Before, when I only had RED and GREEN, everything worked fine. However, I now have a problem where Tunnel #1 works no matter what, but Tunnel #2 shows as "Link: Up" and "Status: Down" unless I enable the "VPN on BLUE" checkbox. Once I enable VPN on BLUE, everything works again.

This would be all well and good, but I do not want the BLUE zone to have access to the VPN tunnels. I suppose I could add rules to the VPN firewall, but it seems to me that this should just work when I uncheck the "VPN on BLUE" box, and I shouldn't need to add any firewall rules.

Let me know if I have made some boneheaded mistake...

Tom
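The post asserts that "none of the subnets conflict". The first thing to verify before chasing zone settings is exactly that: that no local zone prefix overlaps any tunnel's remote prefix, since an overlap would send traffic out the wrong interface or into the wrong IPsec policy. The script below is an added example, not part of the original post or of Endian Firewall; it takes the four prefixes listed above (the labels are mine) and reports every overlapping pair, and it also flags a prefix written with host bits set, such as 192.168.0.1/24, which is accepted here but is a notation to tidy up in the tunnel definition.

```python
import itertools
from ipaddress import ip_network

# Constructed from the subnets listed in the post. The labels are assumptions
# made for this example; EFW does not name them this way.
NETS = {
    "GREEN": "10.1.0.0/16",
    "BLUE": "192.168.1.0/24",
    "Tunnel #1 remote (Site2)": "192.168.0.1/24",
    "Tunnel #2 remote (Site1)": "10.3.0.0/16",
}


def normalize(nets):
    """Parse each prefix into an ip_network.

    strict=False accepts a prefix whose host bits are set (192.168.0.1/24)
    and normalizes it to its network address; each such case is recorded
    as a note so the operator can correct the tunnel definition.
    """
    parsed, notes = {}, []
    for label, text in nets.items():
        net = ip_network(text, strict=False)
        if str(net) != text:
            notes.append(f"{label}: '{text}' has host bits set, treated as {net}")
        parsed[label] = net
    return parsed, notes


def overlaps(nets):
    """Return every pair of labels whose prefixes overlap.

    Any overlap between a local zone (GREEN/BLUE) and a tunnel's remote
    subnet, or between two tunnels' remote subnets, means routing or
    IPsec policy selection is ambiguous and the tunnel cannot be trusted
    to carry the right traffic.
    """
    parsed, _ = normalize(nets)
    return [
        (a, b)
        for a, b in itertools.combinations(parsed, 2)
        if parsed[a].overlaps(parsed[b])
    ]


if __name__ == "__main__":
    parsed, notes = normalize(NETS)
    for label, net in parsed.items():
        print(f"{label:28s} {net}")
    for note in notes:
        print("note:", note)
    clashes = overlaps(NETS)
    if clashes:
        for a, b in clashes:
            print(f"OVERLAP: {a} <-> {b}")
    else:
        print("no overlapping prefixes")
```

Run it as-is to check the four prefixes from the post; edit NETS to add further zones or tunnels. For the configuration above it finds no overlap and only notes the host-bit notation on Tunnel #1, so subnet conflict can be ruled out as the cause of Tunnel #2's "Status: Down".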