This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!

FireBrick Road Warrior FireBrick Config: Difference between revisions

m (clean up, typos fixed: eg → e.g. (3))
<indicator name="RoadW">[[File:Menu-Road-Warrior.svg|link=:Category:FireBrick IPsec Road Warrior|30px|Back up to the FireBrick Road Warrior Category Page]]</indicator>
= FireBrick IPsec config =
 
 
Choose an IP range not used anywhere else in your FB config
(and, to avoid confusion, choose something non-routable, e.g. from 10...)
Set the NAT flag on the IPsec roaming pool definition.
 
'''Think about the NAT'''
 
A problem arises, however, when the LAN subnet is non-routable (RFC1918 IPs, e.g. 192.168.x.x).
In this case the LAN subnet is usually marked NAT in the FB config,
so LAN devices can communicate externally (obviously for outgoing
on the LAN and destined off-LAN).
 
This is overcome either by using mapping rules, or by disabling NAT on the LAN subnet and instead enabling NAT on the external internet connection, which in most cases would be the PPP connection.
 
==Overview==
*Editing the DNS Service to allow non-local users: we'd recommend using an Allow list that includes the IPsec clients as well as the LAN clients if they are also to use the FireBrick as their DNS resolver. (Setup - General System Services - DNS)
 
[[Category:FireBrick IPsec Road Warrior|FireBrick Config]]