IPSEC tunnel issue..

Micheal Patterson micheal at tsgincorporated.com
Tue Oct 28 19:03:43 PST 2003

----- Original Message ----- 
From: "Brent Wiese" <brently at bjwcs.com>
To: "'Micheal Patterson'" <micheal at tsgincorporated.com>;
<freebsd-questions at freebsd.org>
Sent: Tuesday, October 28, 2003 5:25 PM
Subject: RE: IPSEC tunnel issue..


>
> > Here's my situation.
> >
> > I've got 2 networks at different facilities that are using
> > public routable
> > IP's. Each end has a fbsd box in bridge mode as their
> > firewall between the
> > lan and the cisco routers at each end. I've been tasked to establish a
> > secure tunnel between these two networks and I'm having some
> > trouble. I've
> > searched google for ipsec information on this but every thing
> > that I have
> > found depicts a private lan behind the public ip's of the
> > tunnel endpoints.
> > Has anyone been able to establish this type of tunnel
> > successfully? If so,
> > can you please direct me to some information on this?
>
> So if I understand correctly, you're running the FreeBSD firewall in
> "transparent" mode? Hosts behind the firewall use public addresses on the
> same subnet as the firewall public?
>
> I think you may need to switch to NAT mode so you're running a
> non-net-routable (private) LAN. You can always stack more public IPs on the
> firewall and port forward.
>
> Or, if you run a routing daemon and have all your hosts point to it as the
> default gateway, build the tunnel and route anything that isn't through the
> tunnel at your real gateway.
>
> Or, build the tunnel and add routes to all the hosts specifying the FreeBSD
> box as the gateway for the remote network. This can be a pain to admin long
> term, but if, for instance, you run a Windows domain, you can run a "route
> add" batch file when users log into the network.
>
> Brent
>

Yea, the firewalls are in bridge mode, dual nic'd. What we've decided to do
for this is to just subnet out the IP ranges that the circuits have been
assigned. That way, we'll have a routable subnet between the router <>
firewall, and a routable subnet behind the firewall with it acting as the
LAN gateway and take it out of bridge mode.

--

Micheal Patterson
Network Administration
Cancer Care Network
405-917-0600
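The plan above (split each assigned range into a router<>firewall subnet and a LAN subnet, then tunnel only the LAN subnets) is what makes the tunnel-mode selectors clean: if the firewall's own outer address sat inside the subnet being tunneled, its ESP packets would match the tunnel policy too. The following is an added example, not code from the thread; it uses constructed RFC 5737 documentation addresses and assumes the setkey(8) spdadd syntax for a KAME-style IPsec SPD on FreeBSD.

```python
import ipaddress

# Constructed sample values, not the poster's real assignments.
SITE_A_RANGE = "192.0.2.0/24"      # public range assigned to circuit A
SITE_B_RANGE = "198.51.100.0/24"   # public range assigned to circuit B


def split_assigned_range(cidr):
    """Split an assigned range in two: first half router<>firewall (transit),
    second half the routable LAN behind the firewall. Returns (transit, lan)."""
    net = ipaddress.ip_network(cidr)
    transit, lan = net.subnets(prefixlen_diff=1)
    return str(transit), str(lan)


def endpoints_outside_lans(lan_a, lan_b, gw_a, gw_b):
    """True when neither tunnel endpoint falls inside a tunneled subnet.
    An endpoint inside a tunneled subnet means the outer ESP packets would
    themselves match the spdadd selectors (the bridge-mode situation)."""
    nets = [ipaddress.ip_network(lan_a), ipaddress.ip_network(lan_b)]
    gws = [ipaddress.ip_address(gw_a), ipaddress.ip_address(gw_b)]
    return not any(gw in net for gw in gws for net in nets)


def spd_policies(lan_a, lan_b, gw_a, gw_b):
    """setkey SPD entries for firewall A: ESP tunnel mode between the two
    routable LAN subnets, carried between the firewalls' transit addresses.
    The inner addresses being public makes no difference to the selectors."""
    if not endpoints_outside_lans(lan_a, lan_b, gw_a, gw_b):
        raise ValueError("tunnel endpoint lies inside a tunneled subnet; "
                         "re-subnet (as in the thread) or add bypass policies")
    return [
        f"spdadd {lan_a} {lan_b} any -P out ipsec esp/tunnel/{gw_a}-{gw_b}/require;",
        f"spdadd {lan_b} {lan_a} any -P in ipsec esp/tunnel/{gw_b}-{gw_a}/require;",
    ]


if __name__ == "__main__":
    transit_a, lan_a = split_assigned_range(SITE_A_RANGE)
    transit_b, lan_b = split_assigned_range(SITE_B_RANGE)
    # Firewall outer addresses chosen from the transit halves (constructed).
    gw_a = str(ipaddress.ip_network(transit_a)[2])
    gw_b = str(ipaddress.ip_network(transit_b)[2])
    for line in spd_policies(lan_a, lan_b, gw_a, gw_b):
        print(line)
```

Running it emits the two spdadd lines for firewall A; feeding the whole /24s with the same gateways instead raises, which is the bridge-mode case the thread walked away from.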
