LAN1-FREEBSD-R1700-R1700-LAN2

vaba
Level 1

LAN1--->FREEBSD<--->R1700<--->R1700<---LAN2

This is my network

lan1 10.10.10.10/24

lan2 192.168.1.0/24

FREEBSD<--->R1700 192.168.2.0/24

R1700<--->R1700 192.168.3.0/24

I use an R1700<--->R1700 IPSEC VPN and it works fine with access-list 100 192.168.3.0

But when I add network 10.10.10.0/24 (lan1) to access-list 100, it does not work.

FreeBSD is a firewall (ipfw) that permits only the HTTP server 10.10.10.10 on port 8080.

When I stop ipfw and pass ip from any to 10.10.10.10 it works, but there is no security.

Which port do I need to allow on the BSD firewall to pass IPsec?

Accepted Solutions

Kamal Malhotra
Cisco Employee

Hi,

It's not the IPSEC traffic flowing through the BSD firewall. So you need to make sure that the IP traffic that needs to travel across the BSD firewall. E.g. HTTP on port 8080 is open, but is it the HTTP on 8080 that we are initiating? If it is some other type of traffic, then we need to make sure that it is permitted. Is this a PIX firewall? If yes, then could you also send the config?

HTH,

*Please rate if helps,

Regards,

Kamal
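
Added example, not part of the original thread: a small Python model of the point made in the reply above, showing that ESP exists only on the R1700<--->R1700 link while the FreeBSD firewall evaluates the decrypted inner packet. The subnets come from the post; the peer addresses, the LAN2 client address and the simplified first-match rule list are assumptions made for illustration.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

Packet = namedtuple("Packet", "proto src dst dport")

# Subnets are from the post; host and peer addresses are constructed for illustration.
LAN1 = ip_network("10.10.10.0/24")
LAN2 = ip_network("192.168.1.0/24")
PEER_NEAR = ip_address("192.168.3.1")  # assumed: R1700 next to the FreeBSD box
PEER_FAR = ip_address("192.168.3.2")   # assumed: R1700 in front of LAN2
ANY = ip_network("0.0.0.0/0")

# Simplified first-match model of the ipfw policy described in the post.
# Fields: action, proto, source network, destination network, destination port.
RULES = [
    ("allow", "tcp", ANY, ip_network("10.10.10.10/32"), 8080),
    ("deny", "any", ANY, ANY, None),
]

def on_tunnel_link(pkt):
    """Packet as seen between the two R1700s (192.168.3.0/24)."""
    if pkt.src in LAN2 and pkt.dst in LAN1:      # matches the crypto ACL
        return Packet("esp", PEER_FAR, PEER_NEAR, None)
    return pkt

def at_firewall(pkt):
    """Packet as seen by FreeBSD: the near R1700 has already removed ESP."""
    return pkt

def ipfw_verdict(pkt):
    for action, proto, src_net, dst_net, dport in RULES:
        if proto not in ("any", pkt.proto):
            continue
        if pkt.src not in src_net or pkt.dst not in dst_net:
            continue
        if dport is not None and pkt.dport != dport:
            continue
        return action
    return "deny"

def trace(pkt):
    return on_tunnel_link(pkt).proto, ipfw_verdict(at_firewall(pkt))

CLIENT = ip_address("192.168.1.50")    # constructed LAN2 host
SERVER = ip_address("10.10.10.10")
if __name__ == "__main__":
    for p in (Packet("tcp", CLIENT, SERVER, 8080),
              Packet("tcp", CLIENT, SERVER, 22),
              Packet("icmp", CLIENT, SERVER, None)):
        print(p.proto, p.dport, "->", trace(p))
```

In this model every LAN2-to-LAN1 flow is ESP on the tunnel link, yet only TCP 8080 to 10.10.10.10 survives the firewall, so a ping or any other service across the VPN is dropped by the cleartext rule set rather than by a missing IPsec rule.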
