[Openswan Users] Architecture question
andy at andynet.net
Fri Aug 4 05:51:31 EDT 2006
On Fri, 2006-08-04 at 15:01 +0100, Matthew Claridge wrote:
> Never tried to do things this way, so I don't really know if this is
> feasible/easy/possible etc.....
> If, for example, we had a firewall with 2 network segments (DMZs) -
> DMZ1 contains an OpenSwan IPSec device with external IP a.a.a.a and
> private IP b.b.b.b
> DMZ2 contains another network segment using IP addresses of c.c.c.0/24
> Can the VPN in DMZ1 be set up to allow traffic to/from DMZ2? I would
> normally do this by having the VPN inside DMZ2, but we are thinking of
> changing our infrastructure so I'm wondering what options there are...
Not sure I really understand what you're asking. But I think the answer
is yes - in general if you can route packets between 2 places, you can
put an IPsec tunnel between them. If you have firewalls in the path, you
need them to permit and forward your IPsec traffic (protocol 50) and
ISAKMP (udp port 500, and 4500 if your firewall does NAT).
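Added example, not part of the original post: a check that a firewall's forwarding rules accept the traffic the reply lists (protocol 50, udp/500, and udp/4500 when NAT is involved) toward the gateway. It assumes a Linux firewall whose rules are dumped in `iptables-save` format; the function names and the sample ruleset are constructed here. Only `-d`, `-p`, `--dport` and `-j` are interpreted, and an unmatched packet is assumed to be dropped.

```python
import ipaddress
import shlex

# Flows named in the reply: ESP (IP protocol 50), ISAKMP on udp/500, udp/4500 behind NAT.
REQUIRED = {"esp (protocol 50)": ("esp", None),
            "isakmp (udp/500)": ("udp", 500),
            "udp/4500": ("udp", 4500)}
PROTO_ALIASES = {"50": "esp", "17": "udp"}

# Constructed sample; 192.0.2.10 stands in for the Openswan gateway's address.
SAMPLE = """\
*filter
:FORWARD DROP [0:0]
-A FORWARD -d 192.0.2.10/32 -p udp -m udp --dport 500 -j ACCEPT
-A FORWARD -d 192.0.2.10/32 -p udp -m udp --dport 4500 -j DROP
-A FORWARD -d 192.0.2.0/24 -p udp -j ACCEPT
COMMIT
"""


def parse_rule(line):
    """Return (dest_net, proto, (lo, hi), target) for an '-A FORWARD' line, else None."""
    tok = shlex.split(line)
    if tok[:2] != ["-A", "FORWARD"]:
        return None
    nxt = dict(zip(tok, tok[1:]))  # each option flag -> the token that follows it
    dest = ipaddress.ip_network(nxt.get("-d", "0.0.0.0/0"), strict=False)
    proto = PROTO_ALIASES.get(nxt.get("-p"), nxt.get("-p"))
    lo, _, hi = nxt.get("--dport", "0:65535").partition(":")
    return dest, proto, (int(lo), int(hi or lo)), nxt.get("-j")


def verdict(rules, gateway, proto, port):
    """First matching terminal rule wins; no match falls to an assumed DROP policy."""
    for dest, rproto, (lo, hi), target in rules:
        if gateway not in dest or rproto not in (None, "all", proto):
            continue
        if port is not None and not lo <= port <= hi:
            continue
        if target in ("ACCEPT", "DROP", "REJECT"):
            return target
    return "DROP"


def missing_ipsec_flows(ruleset, gateway, nat=False):
    """List the required flows that the FORWARD chain does not accept for the gateway."""
    gw = ipaddress.ip_address(gateway)
    rules = [r for r in map(parse_rule, ruleset.splitlines()) if r]
    return [name for name, (proto, port) in REQUIRED.items()
            if (nat or port != 4500) and verdict(rules, gw, proto, port) != "ACCEPT"]
```

On the sample, the broad udp ACCEPT for 192.0.2.0/24 does not rescue udp/4500 because the earlier DROP matches first, and no rule covers ESP at all.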