FireBrick Road Warrior FireBrick Config: Difference between revisions
No edit summary |
|||
| (2 intermediate revisions by 2 users not shown) | |||
| Line 51: | Line 51: | ||
==Overview== |
==Overview== |
||
In this example we are assuming you can allocate some IP addresses on |
In this example we are assuming you can allocate some IP addresses on your LAN. You do this by picking a range of addresses and setting up a roaming-pool (see below). You need to ensure the IP range does not clash with devices on the LAN and is not in the DHCP ranges that could allocate to the LAN. |
||
The FireBrick needs a configuration for the connection, and roaming pools and user identities. The connection can be used for any number of devices at once with the same pool of IP addresses; each would have a user name and password defined. |
The FireBrick needs a configuration for the connection, and roaming pools and user identities. The connection can be used for any number of devices at once with the same pool of IP addresses; each would have a user name and password defined. |
||
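Review bot: In the revised Overview sentence, "is not in the DHCP ranges that could allocate to the LAN" is hard to parse, and this is the one sentence that tells the reader how to avoid address conflicts between roaming clients and LAN hosts. Suggest wording along the lines of "does not overlap any DHCP range that serves the LAN". The "(see below)" pointer for the roaming-pool would also be easier to follow if it named the section or config element it refers to.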
| Line 68: | Line 68: | ||
</ipsec-ike> |
</ipsec-ike> |
||
</syntaxhighlight> |
</syntaxhighlight> |
||
Note: the <tt>force-NAT="0.0.0.0/0"</tt> forces keep-alives which are needed when NAT is involved between the endpoints but and also helps where stateful firewalls are in the route too. (without this set, you may find that the ipsec tunnel drops every hour or so) |
|||
Each roaming user then needs an <tt>eap</tt> user record. This goes with any user entries near the top of the config. |
Each roaming user then needs an <tt>eap</tt> user record. This goes with any user entries near the top of the config. |
||
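Review bot: The added force-NAT note contains a leftover word in "but and also helps"; suggest "which are needed when NAT is involved between the endpoints and also help where stateful firewalls are in the route". The parenthetical should start with a capital letter and use "IPsec" rather than "ipsec". The note does not say which element carries the force-NAT attribute, and the visible context only shows the closing </ipsec-ike> tag, so naming the element would help readers place it. Since 0.0.0.0/0 covers all addresses, it would also help to say whether a narrower range is acceptable when only some peers need the keep-alives.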