[Openswan Users] Question about firewalls...

Marcin Giedz marcin.giedz at eulerhermes.pl
Wed May 25 12:06:22 CEST 2005


On Wednesday, 25 May 2005 01:38, Alexander Samad wrote:

Really thanks.... now it rocks ;)

BR,
Marcin

> This is a src address issue
>
> when you ping from the either firewall (start/end point of the ipsec
> tunnel), the src address used doesn't fit in the ipsec tunnel
>
>
> 192.168.10.5------192.168.10.1+++12.12.12.12 ....... 13.13.13.13+++192.168.8.1-----192.168.8.5
>
>
> So
> lan A (192.168.10.x/24 - gw firewall on 192.168.10.1 external ip of 12.12.12.12)
> lan B (192.168.8.x/24 - gw firewall on 192.168.8.1 external ip of 13.13.13.13)
>
> Pinging from either .5 machine to the other works okay, for example
> 192.168.10.5 to 192.168.8.5.
>
> place                src address               dst address
> 192.168.10.5         192.168.10.5               192.168.8.5
> gw1                  192.168.10.5               192.168.8.5
> gw2                  192.168.10.5               192.168.8.5
> 192.168.8.5          192.168.10.5               192.168.8.5
>
> But when you ping from gw1 to 192.168.8.5 your routing will set the source
> address of the packet to 12.12.12.12 and this will not fall in the ipsec
> tunnel. So to be able to ping from gw1 to 192.168.8.0 do something like
>
> ip r a 192.168.8.0/24 dev XXXX via YYYY src 192.168.10.1
>
> and vice versa on gw2
>
> Hope that helps
> Alex
>
> > Hello
> >
> >
> > Today I have successfully connected 2 subnets with Openswan but have one
> > question additionally. Openswan is up and running on two firewalls.
> >
> > Question is:
> > Host from subnet "A" can ping host from subnet "B" and vice versa but I
> > can't ping any host in subnet A from subnet B's firewall.... of course I
> > also can't ping any host in subnet B from subnet A's firewall. Is it
> > normal? What can I do to ping hosts from firewalls?
> >
> > Thanks,
> > Marcin
> >

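The source-address behaviour described in the quoted reply, as an added example that is not part of the original thread: a simplified Python model of gw1 that picks a route, derives the source address of a locally generated packet, and checks it against the tunnel's subnet-to-subnet selectors. The interface names `eth0`/`eth1`, the route tables and all function names are assumptions, and real kernel source selection has more rules than this.

```python
import ipaddress

# Constructed model of gw1; addresses come from the thread's diagram,
# interface names are assumptions.
LOCAL_ADDRS = {"eth0": "192.168.10.1", "eth1": "12.12.12.12"}
# Tunnel selectors as seen from gw1: (local subnet, remote subnet).
TUNNEL = (ipaddress.ip_network("192.168.10.0/24"),
          ipaddress.ip_network("192.168.8.0/24"))

# Routes are (prefix, device, src hint). ROUTES_AFTER adds the equivalent of
# "ip r a 192.168.8.0/24 dev XXXX via YYYY src 192.168.10.1".
ROUTES_BEFORE = [("0.0.0.0/0", "eth1", None),
                 ("192.168.10.0/24", "eth0", None)]
ROUTES_AFTER = ROUTES_BEFORE + [("192.168.8.0/24", "eth1", "192.168.10.1")]

def pick_route(routes, dst):
    """Longest-prefix match over the route list."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    if not hits:
        raise LookupError(f"no route to {dst}")
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)

def source_for(routes, dst):
    """Source of a locally generated packet: the route's src hint if set,
    otherwise the address of the outgoing interface (simplified)."""
    _, dev, src_hint = pick_route(routes, dst)
    return src_hint or LOCAL_ADDRS[dev]

def in_tunnel(src, dst, policy=TUNNEL):
    """True only if both ends of the packet fall inside the selectors."""
    local_net, remote_net = policy
    return (ipaddress.ip_address(src) in local_net
            and ipaddress.ip_address(dst) in remote_net)

def trace(routes, dst, forwarded_src=None):
    """Return (source address, matches tunnel?) for a packet leaving gw1.
    forwarded_src is set for packets gw1 only forwards for a LAN host."""
    src = forwarded_src or source_for(routes, dst)
    return src, in_tunnel(src, dst)

if __name__ == "__main__":
    print("LAN host via gw1 :", trace(ROUTES_BEFORE, "192.168.8.5", "192.168.10.5"))
    print("gw1, no src hint :", trace(ROUTES_BEFORE, "192.168.8.5"))
    print("gw1, src route   :", trace(ROUTES_AFTER, "192.168.8.5"))
```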
