EFW Support
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
Friday 22 November 2024, 09:33:05 am
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
The Latest Endian Firewall is now available for download
HERE
14258
Posts in
4377
Topics by
6516
Members
Latest Member:
DaveH
Search:
Advanced search
EFW Support
Support
VPN Support
IPSec and multiple subnets
0 Members and 2 Guests are viewing this topic.
« previous
next »
Pages:
[
1
]
Author
Topic: IPSec and multiple subnets (Read 10769 times)
trymes
Full Member
Offline
Posts: 36
IPSec and multiple subnets
«
on:
Saturday 28 July 2012, 04:55:27 am »
I have an Endian box with GREEN and BLUE local networks. I would like to connect this box to another Endian box via IPSec and be able to reach the remote network from both BLUE and GREEN networks. Generally, I would do this using IPSec and the "left subnets={.../xx yyy.yyy.yyy.yyy/yy}" option in the config file.
However, the GUI does not provide a method for specifying multiple subnets.
I can accomplish the same thing by adding two different tunnels to the same location, but that seems like a kludge, and is likely not the best option for performance.
Is there a way to do this already, or should I suggest an improvement to the developers?\
Many thanks,
Tom
Logged
trymes
Full Member
Offline
Posts: 36
Re: IPSec and multiple subnets
«
Reply #1 on:
Saturday 28 July 2012, 05:17:57 am »
A quick update with another method to work around this...provided that your network numbering allows it.
Details:
Site 1 - GREEN = 10.0.0.0/24
Site 2 - GREEN = 10.99.0.0/24 BLUE=10.99.1.0/24
If you would like all three LAN segments to be able to talk to each other, then you can specify "10.99.0.0/16" for the local subnet of Site 2 when setting up the IPSec tunnel. This will eliminate the need for the second tunnel.
HOWEVER: This would not work if the subnets are not conveniently numbered (ie: if Site 2 had subnets GREEN=10.99.0.0/24 and BLUE=192.168.1.0/24, or if another site used a subnet in the 10.99.0.0/16 range.
Additionally, this could be considered less than ideal if there were subnets at Site 2 that you did not want to be able to communicate with Site 1 over the tunnel. For example, if Site 2 also had ORANGE 10.99.2.0/24, and you did not want ORANGE to be able to access Site 1, then you would have to resort to the Firewall to limit that traffic.
As luck would have it, I have non-conveniently numbered networks, so it'll have to be two tunnels for me...
Tom
Logged
Pages:
[
1
]
« previous
next »
Jump to:
Please select a destination:
-----------------------------
Announcements
-----------------------------
=> Project News
=> Latest News and Updates
-----------------------------
Support
-----------------------------
=> General Support
=> Installation Support
=> EFW SMTP, HTTP, SIP, FTP Proxy Support
=> VPN Support
=> Hardware Support
-----------------------------
Development
-----------------------------
=> EFW Wishlist
=> Contribute Your Customisations & Modifications
Page created in 0.051 seconds with 18 queries.
Powered by SMF 1.1 RC2
|
SMF © 2001-2005, Lewis Media
Design by
7dana.com