Re: [OT] VPN between firewalls
- To: ukha_d@xxxxxxx
- Subject: Re: [OT] VPN between firewalls
- From: "mark_harrison_uk2" <mph@xxxxxxx>
- Date: Mon, 18 Aug 2003 11:19:53 -0000
- Mailing-list: list ukha_d@xxxxxxx; contact ukha_d-owner@xxxxxxx
- Reply-to: ukha_d@xxxxxxx
Pedro,

I don't believe there's any generic answer at the firewall level.
What firewall are you using?

In Firewall-1, you'd simply untick the "allow all access" box on the
VPN setup, and create a set of access rules for the access you wanted
to allow.

The best answer, sadly, would be to set up the two "special" machines
on a different subnet entirely, and create 2 VPNs - one from
Location2.Network1 to Location1, one from Location2.Network2 to
Location1.

Hopefully your router will also route local subnets, so
Location2.Network1 and Location2.Network2 will be able to see each
other. Again, how you do this depends heavily on the router you use.

It's worth mentioning that the ranges you give can't actually be
right - VPN subnets have to fall on contiguous network boundaries, so
actually the subnets are 192.168.0.0-192.168.0.255 and
192.168.11.0-192.168.11.255.

Even if you aren't using the extra IP addresses at the end, it would
be possible for someone with physical access to your network to give
himself such an address, and therefore have access at the IP level to
both networks.

Regards,

Mark
--- In ukha_d@xxxxxxx, "Pedro de Oliveira" <p.oliveira@b...> wrote:
> Hi All
>
> Off topic but there are some networking gurus on here so I thought I
> would ask:
>
> I am trying to establish a VPN between two firewalls but with limited
> connectivity at one end.
>
> Firewall1 address range: 192.168.0.1 - 192.168.0.250
> Firewall2 address range: 192.168.111.1 - 192.168.111.230
>
> I only want two workstations behind Firewall2 to be able to communicate
> with all other workstations behind Firewall1. I have set up the vpn to
> allow all workstations to see all other workstations by using a netmask
> of 192.168.111.0/24 and 192.168.0.0/24 but I can't figure out how to
> manipulate the netmasks to only allow 192.168.111.18 and 192.168.111.17
> to see the whole of 192.168.0.0/24
>
> Hoping someone can help
>
> Cheers
> Pedro
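
An added example, not part of the original messages: Python's standard `ipaddress` module shows why no single netmask selects only 192.168.111.17 and 192.168.111.18, and which selectors admit nothing extra. The function names are illustrative assumptions; whether a given firewall accepts several selectors per tunnel is product-specific.

```python
import ipaddress

def covering_network(hosts):
    """Smallest single CIDR block that contains every address in hosts."""
    if not hosts:
        raise ValueError("need at least one address")
    addrs = [ipaddress.ip_address(h) for h in hosts]
    net = ipaddress.ip_network(f"{addrs[0]}/32")
    # Widen the prefix one bit at a time until all hosts fit.
    while not all(a in net for a in addrs):
        net = net.supernet()
    return net

def unintended(hosts, net):
    """Addresses inside net that were not in the intended host list."""
    wanted = {ipaddress.ip_address(h) for h in hosts}
    return [a for a in net if a not in wanted]

def exact_selectors(hosts):
    """Fewest CIDR blocks that cover the hosts and nothing else."""
    nets = [ipaddress.ip_network(f"{h}/32") for h in hosts]
    return list(ipaddress.collapse_addresses(nets))

if __name__ == "__main__":
    # The two workstations named in the question.
    special = ["192.168.111.17", "192.168.111.18"]
    net = covering_network(special)
    print("one netmask  :", net)
    print("also admitted:", [str(a) for a in unintended(special, net)])
    print("exact        :", [str(n) for n in exact_selectors(special)])

    # The quoted "address range" ends still expand to a full /24.
    print("Firewall1    :", covering_network(["192.168.0.1", "192.168.0.250"]))
```

Any address the single block admits beyond the two intended hosts is one a locally attached machine could assign itself, which is the exposure described in the reply.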