
This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

FireBrick Road Warrior FireBrick Config: Difference between revisions

connected on the LAN, and, if the LAN subnet is routable, the
remote device will also be able to communicate externally.
 
'''Think about the NAT'''
 
A problem arises however when the LAN subnet is non-routable (RFC1918 IPs, e.g. 192.168.x.x).
In this case the LAN subnet is usually marked NAT in the FB config,
so LAN devices can communicate externally (obviously for outgoing
sessions only). However, for roadwarrior devices the FB has to
know that incoming IPsec packets for the LAN (or the FB) should not
be NATed, but those destined for elsewhere should be (assuming
the roadwarrior devices should be given internet access).
 
The roaming-pool NAT flag will NAT everything, but the FB LAN NAT
flag won't be looked at (it only applies to real traffic originating
on the LAN and destined off-LAN).
 
This is overcome either by using mapping rules, or by disabling NAT on the LAN subnet and instead enabling NAT on the external internet connection; in most cases this would be the PPP connection.
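A constructed config fragment showing the two NAT placements discussed above, side by side. This is an added illustration, not config from the page or from FireBrick's own documentation: the element and attribute names (interface/subnet, ppp, ipsec/roaming and their nat attributes) are assumptions about the FireBrick XML syntax, and all addresses and names are made up.

```xml
<!-- Constructed example. Element/attribute names are assumptions about the
     FireBrick config schema; addresses and names are placeholders. -->

<!-- Before: NAT flagged on the LAN subnet.
     Road-warrior packets arriving over IPsec are never matched by the LAN
     subnet's nat flag (it only covers traffic originating on the LAN), so
     the only way to give roaming clients internet access is the roaming
     pool's own nat flag, which then also NATs their traffic to the LAN. -->
<interface name="LAN" port="LAN">
  <subnet ip="192.168.1.1/24" nat="true"/>
</interface>
<ppp name="WAN" port="WAN" nat="false"/>
<ipsec>
  <roaming name="roadwarrior" ip="192.168.2.0/24" nat="true"/>
</ipsec>

<!-- After: NAT moved to the external (PPP) connection.
     Anything leaving via the PPP link is NATed regardless of whether it came
     from the LAN or from the IPsec roaming pool, while traffic between the
     roaming pool and the LAN never crosses the PPP link and so keeps its
     real addresses in both directions. -->
<interface name="LAN" port="LAN">
  <subnet ip="192.168.1.1/24" nat="false"/>
</interface>
<ppp name="WAN" port="WAN" nat="true"/>
<ipsec>
  <roaming name="roadwarrior" ip="192.168.2.0/24" nat="false"/>
</ipsec>
```

The practical check after making the change is to confirm, from a connected road-warrior client, that a LAN host sees the client's pool address (not the FB's LAN address) as the source, while an external host still sees the PPP link's public address.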
 
==Overview==