IPSec Routing
jhall at socket.net
Thu May 26 01:57:34 UTC 2011
----------------------------------------------------
From: Remko Lodder <remko at elvandar.org>
To: jhall at socket.net
Subject: Re: IPSec Routing
Date: Sun, 22 May 2011 21:12:24 +0200
>
> Basically what happens is that an IPSEC tunnel looks like this:
>
> Internal_A -->> Internal FW A [ FW A] External FWA ---->>> [Internet] <<<---- External FWB [FW B] Internal FW B <<-- Internal_B
>
> External FWA [ ------------ TUNNEL ---------] External FWB [also called Phase 1]
> Internal_A [------------------------------------ TUNNEL ------------------------------------] Internal_B [also called Phase 2]
>
> The external FW's talk to each other and make a secure pipe. The internal
> networks / hosts use the secure pipe to route traffic between them. So
> basically the first TUNNEL line is a big pipe, and the second TUNNEL line is
> packets WITHIN that first tunnel line.. (complex?)
>
> Comment:
>
> A connection is set up between the external FWA and External FWB, so that
> you have a secure pipe between the firewalls to exchange data.
>
> In some cases you talk to the external IP and it gets processed there
> and onwards.
>
> In other cases [more likely], you set up a secondary tunnel (phase 2)
> which enables you to talk to internal hosts on the other end.
> An IPSEC session is never established between internal IP ranges (if
> flowing over the internet; of course within the network itself
> it is entirely possible).
>
> The IPSEC session _does_ allow you to route and send traffic to an
> internal IP address over the tunnel though.
>
> If you can shed some more light on what you mean I might be able to
> help. I have set up 1000s of tunnels between mostly commercial
> grade firewalls, but I might assist in getting a bit further.
Thank you to everyone for their help. The connection is now up and
running. Our vendor had an incorrect entry in their route table.
Jay
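The phase 1 / phase 2 split described in the quoted reply, modelled as an added Python example (not code from this thread, from FreeBSD, or from any vendor): a phase-2 selector decides whether a packet between internal ranges is encapsulated, and the outer header then carries the phase-1 gateway addresses. The gateway addresses and internal ranges are constructed documentation values; the configuration checks are the editor's assumptions, not anything the thread prescribes.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Phase1:
    """Phase 1: the secure pipe between the two external firewall addresses."""
    local_gw: str   # External FWA
    remote_gw: str  # External FWB


@dataclass(frozen=True)
class Phase2:
    """Phase 2 traffic selector: which internal ranges may use the pipe."""
    local_net: str   # Internal_A range
    remote_net: str  # Internal_B range


# Constructed sample values (RFC 5737 documentation addresses, RFC 1918 ranges).
P1 = Phase1(local_gw="192.0.2.1", remote_gw="198.51.100.1")
P2S = [Phase2(local_net="10.1.0.0/24", remote_net="10.2.0.0/24")]


def classify(packet_src, packet_dst, p1, p2s):
    """Return how the local firewall handles a packet from an internal host.

    ("tunnel", outer_src, outer_dst): a phase-2 selector matched, so the packet
    travels WITHIN the phase-1 pipe; the outer header uses the gateway addresses.
    ("clear", None, None): no selector matched; ordinary routing in plaintext.
    """
    src = ipaddress.ip_address(packet_src)
    dst = ipaddress.ip_address(packet_dst)
    for p2 in p2s:
        if src in ipaddress.ip_network(p2.local_net) and dst in ipaddress.ip_network(p2.remote_net):
            return ("tunnel", p1.local_gw, p1.remote_gw)
    return ("clear", None, None)


def check_config(p1, p2s):
    """Assumed sanity checks: the IPsec session runs between the external
    gateways, so a gateway address inside a phase-2 selector, or selectors that
    overlap each other, point at a misconfiguration rather than a routing fault."""
    problems = []
    for p2 in p2s:
        local, remote = ipaddress.ip_network(p2.local_net), ipaddress.ip_network(p2.remote_net)
        if ipaddress.ip_address(p1.local_gw) in local:
            problems.append(f"local gateway {p1.local_gw} inside selector {p2.local_net}")
        if ipaddress.ip_address(p1.remote_gw) in remote:
            problems.append(f"remote gateway {p1.remote_gw} inside selector {p2.remote_net}")
        if local.overlaps(remote):
            problems.append(f"selectors {p2.local_net} and {p2.remote_net} overlap")
    return problems
```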
More information about the freebsd-net mailing list