Cisco Support Community

New Member

LAN1-FREEBSD-R1700-R1700-LAN2

LAN1--->FREEBSD<--->R1700<--->R1700<---LAN2

This is my network

lan1 10.10.10.10/24

lan2 192.168.1.0/24

FREEBSD<--->R1700 192.168.2.0/24

R1700<--->R1700 192.168.3.0/24

I use an R1700<--->R1700 IPsec VPN and

it works fine with access-list 100 192.168.3.0.

But when I add the network 10.10.10.0/24 (lan1) to access-list 100, it does not work.

FreeBSD is a firewall (ipfw) that permits only the HTTP server 10.10.10.10 on port 8080.

When I stop ipfw and pass ip from any to 10.10.10.10 it works, but with no security.

Which port do I need to allow on the BSD firewall to pass IPsec?

Accepted Solution
Cisco Employee

Re: LAN1-FREEBSD-R1700-R1700-LAN2

Hi,

It's not the IPsec traffic that is flowing through the BSD firewall. So you need to make sure that the IP traffic that needs to travel across the BSD firewall is permitted. E.g. HTTP on port 8080 is open, but is it HTTP on 8080 that we are initiating? If it is some other type of traffic, then we need to make sure that it is permitted. Is this a PIX firewall? If yes, then could you also send the config?

HTH,

*Please rate if helps,

Regards,

Kamal
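An added example to make the accepted answer concrete (this is not code from the original thread or from either poster). The IPsec peers are the two R1700s on 192.168.3.0/24, so ESP and IKE never reach the BSD box; what the BSD box sees from LAN2 is the decapsulated traffic, sourced from 192.168.1.0/24. The ipfw ruleset below therefore permits that inner traffic to 10.10.10.10:8080 and nothing else. Assumptions not stated in the thread: the BSD interface toward the first R1700 is em1, and that R1700's address on the 192.168.2.0/24 link is 192.168.2.1; both are illustrative. The ipsec_passthrough_rules function is included only to answer the literal question (which ports IPsec itself needs) for the hypothetical case where the BSD box sat between the two tunnel endpoints, which it does not in this topology.

```shell
#!/bin/sh
# Added example for the thread above; not code from the original post.
# Topology: LAN1 (10.10.10.0/24) -- FreeBSD/ipfw -- 192.168.2.0/24 -- R1700
#           -- 192.168.3.0/24 (IPsec tunnel) -- R1700 -- LAN2 (192.168.1.0/24)
# Assumptions (not in the thread): the BSD interface facing the R1700 is em1,
# and the R1700's address on the 192.168.2.0/24 link is 192.168.2.1.

WAN_IF="${WAN_IF:-em1}"                     # assumed interface facing the R1700
R1700_INSIDE="${R1700_INSIDE:-192.168.2.1}" # assumed R1700 address on 192.168.2.0/24
HTTP_SERVER="10.10.10.10"
HTTP_PORT="8080"
LAN2="192.168.1.0/24"

# Rules the BSD box actually needs. ESP/IKE packets travel only between the
# two R1700s across 192.168.3.0/24; by the time LAN2 traffic reaches the BSD
# box it has been decapsulated and carries its real source, a LAN2 address.
# So the permit is for LAN2 -> 10.10.10.10:8080, not for ESP or UDP 500.
ipfw_rules() {
    cat <<EOF
add 100 check-state
add 200 allow tcp from $LAN2 to $HTTP_SERVER $HTTP_PORT in via $WAN_IF setup keep-state
add 300 deny log ip from any to $HTTP_SERVER in via $WAN_IF
add 65534 deny log ip from any to any
EOF
}

# The BSD box must also know that 192.168.1.0/24 lives behind the R1700,
# otherwise replies from 10.10.10.10 leave via the default route.
route_cmd() {
    echo "route add -net $LAN2 $R1700_INSIDE"
}

# Only if the BSD box sat BETWEEN the two IPsec peers (it does not, here)
# would it need to pass the tunnel itself: IKE on UDP 500, NAT-T on UDP 4500,
# and ESP (IP protocol 50). Arguments: the two tunnel endpoint addresses.
ipsec_passthrough_rules() {
    peer_a="$1"; peer_b="$2"
    cat <<EOF
add 400 allow udp from $peer_a to $peer_b 500
add 401 allow udp from $peer_b to $peer_a 500
add 402 allow udp from $peer_a to $peer_b 4500
add 403 allow udp from $peer_b to $peer_a 4500
add 404 allow esp from $peer_a to $peer_b
add 405 allow esp from $peer_b to $peer_a
EOF
}

# Stand-alone run: syntax-check the ruleset with "ipfw -n" when ipfw is
# available, otherwise just print it. Nothing is installed into the kernel.
if command -v ipfw >/dev/null 2>&1; then
    ipfw_rules | ipfw -n /dev/stdin
else
    ipfw_rules
fi
route_cmd
```

Rule 100 (check-state) lets the return packets of the stateful allow at rule 200 pass; rule 300 logs anything else aimed at the server so a mismatch between the crypto ACL and the ipfw policy shows up in the log rather than as a silent drop; rule 65534 keeps the "permit only the HTTP server on 8080" posture from the question. To install for real, feed the output of ipfw_rules to ipfw without -n (after the route is in place), and watch the rule 300 log counter while testing from LAN2.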

