[Openswan Users] Question regarding DMZ

Gary Smith gary.smith at holdstead.com
Fri Mar 5 14:16:14 EST 2010

Until yesterday, everything was NAT'ed in our network, but because of some limitations, we moved several external-facing servers into a DMZ.  We have also moved the openswan server there as well.  All of the routes are back up and most things are running smoothly.

The problem is that one of the servers in the DMZ is a terminal server, and when users connect to that server and need to access things on one of the remote ipsec connections, it fails.

My understanding is that this is because the public IPs that we are using are not part of the secure ipsec connection.  This makes sense.

My question is how do I fix it?  Do I simply put a new connection with the public IP information in it and propagate it to all of the servers or is there something else I need to be mindful of?

The firewall is a bridged firewall and the ipsec is on a dedicated Linux instance.  The firewall has the proper routes for the remote networks pointing to the ipsec box.  

Any assistance would be greatly appreciated.

