[Openswan Users] Architecture question

Matthew Claridge mclaridge at rwa-net.co.uk
Tue Aug 8 04:26:25 EDT 2006

>On Fri, 2006-08-04 at 15:01 +0100, Matthew Claridge wrote:
>>Never tried to do things this way, so I don't really know if this is
>>feasible/easy/possible etc.....
>>If, for example, we had a firewall with 2 network segments (DMZs) -
>>DMZ1 contains an OpenSwan IPSec device with external IP a.a.a.a and
>>private IP b.b.b.b
>>DMZ2 contains another network segment using IP addresses of c.c.c.0/24
>>Can the VPN in DMZ1 be set up to allow traffic to/from DMZ2? I would
>>normally do this by having the VPN inside DMZ2, but we are thinking of
>>changing our infrastructure so I'm wondering what options there are...
>Not sure I really understand what you're asking. But I think the answer
>is yes - in general if you can route packets between 2 places, you can
>put an IPsec tunnel between them. If you have firewalls in the path, you
>need them to permit and forward your IPsec traffic (protocol 50) and
>ISAKMP (udp port 500, and 4500 if your firewall does NAT).
Except that I want to terminate the tunnel in DMZ1, but have DMZ2 (on 
the other side of a firewall) accessible by the remote end. I guess 
maybe I could NAT some addresses from DMZ2 into the DMZ1 network range.....

Matthew Claridge
Product Support Engineer
RWA Limited

Tel: 02920 815 054
Email: mclaridge at rwa-net.co.uk
Web: www.rwa-net.co.uk
