FireBrick to FireBrick IPsec (Howto): Difference between revisions
m (AA-Andrew moved page FireBrick IPsec to FireBrick to FireBrick to FireBrick IPsec (Howto)) |
mNo edit summary |
||
Line 25: | Line 25: | ||
<ipsec-ike comment="toReading"> |
<ipsec-ike comment="toReading"> |
||
<connection name="toReading" local-ip="203.0.113.1" peer-ips="198.51.100.1" graph="ReadingIPsec" routes="10.0.0.0/24" local-ID="1" peer-ID="1" auth-method="Secret" secret="mySecretPassword" mode="Immediate"/> |
<connection name="toReading" local-ip="203.0.113.1" peer-ips="198.51.100.1" graph="ReadingIPsec" routes="10.0.0.0/24" local-ID="1" peer-ID="1" auth-method="Secret" secret="mySecretPassword" mode="Immediate" blackhole="true"/> |
||
</ipsec-ike> |
</ipsec-ike> |
||
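Review bot: the new attribute blackhole="true" on the toReading connection is not explained anywhere in the howto text; add a sentence under the London config saying what it does for this tunnel (if the intent is that traffic for 10.0.0.0/24 is dropped rather than routed elsewhere while the tunnel is down, say so). While this line is being edited, secret="mySecretPassword" should be marked as a placeholder, since the introduction promises a strong pre-shared secret.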
Line 35: | Line 35: | ||
<ipsec-ike comment="toLondon"> |
<ipsec-ike comment="toLondon"> |
||
<connection name="toLondon" local-ip="198.51.100.1" peer-ips="203.0.113.1" graph="LondonIPsec" routes="192.168.0.0/24"local-ID="1" peer-ID="1" auth-method="Secret" secret="mySecretPassword" mode="Immediate"/> |
<connection name="toLondon" local-ip="198.51.100.1" peer-ips="203.0.113.1" graph="LondonIPsec" routes="192.168.0.0/24"local-ID="1" peer-ID="1" auth-method="Secret" secret="mySecretPassword" mode="Immediate" blackhole="true"/> |
||
</ipsec-ike> |
</ipsec-ike> |
||
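Review bot: both the old and the new toLondon line carry routes="192.168.0.0/24"local-ID="1" with no space between the two attributes, which is not well-formed XML; the change should correct this while touching the line, i.e. routes="192.168.0.0/24" local-ID="1". The same documentation point about blackhole="true" applies here as on the London side.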
Revision as of 14:44, 6 May 2015
This howto sets up an IPsec tunnel between two FireBricks, using IKEv2 with a (strong) pre-shared secret.
Manuals
Do read the official FireBrick manuals for more information; this is just a simple howto that covers only the basics.
Network Overview:
| | FireBrick London | FireBrick Reading |
|---|---|---|
| LAN IP range | 192.168.0.0/24 | 10.0.0.0/24 |
| WAN Address | 203.0.113.1 | 198.51.100.1 |
We'll want to end up with machines on each LAN being able to contact each other.
FireBrick London Config
```xml
<ipsec-ike comment="toReading">
  <connection name="toReading" local-ip="203.0.113.1" peer-ips="198.51.100.1" graph="ReadingIPsec" routes="10.0.0.0/24" local-ID="1" peer-ID="1" auth-method="Secret" secret="mySecretPassword" mode="Immediate" blackhole="true"/>
</ipsec-ike>
```
If you firewall WAN traffic to 'Self' (the FireBrick itself), a firewall rule may be needed too, e.g.:
```xml
<rule name="IPsec from London FB" protocol="50" action="accept" source-ip="198.51.100.1"/>
```
FireBrick Reading Config
```xml
<ipsec-ike comment="toLondon">
  <connection name="toLondon" local-ip="198.51.100.1" peer-ips="203.0.113.1" graph="LondonIPsec" routes="192.168.0.0/24" local-ID="1" peer-ID="1" auth-method="Secret" secret="mySecretPassword" mode="Immediate" blackhole="true"/>
</ipsec-ike>
```
If you firewall WAN traffic to 'Self' (the FireBrick itself), a firewall rule may be needed too, e.g.:
```xml
<rule name="IPsec from Reading FB" protocol="50" action="accept" source-ip="203.0.113.1"/>
```
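As an added example that is not part of this howto or of FireBrick's own tooling, the Python below parses the two connection fragments, checks that they mirror each other (peer addresses, routes, IDs, secret, mode and blackhole setting) and that a WAN-to-Self firewall rule admits ESP only from the peer's WAN address; the WAN-to-LAN mapping and the 20-character secret minimum are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample fragments, copied from the two FireBrick configs in this howto.
LONDON = '''<ipsec-ike comment="toReading">
<connection name="toReading" local-ip="203.0.113.1" peer-ips="198.51.100.1"
 graph="ReadingIPsec" routes="10.0.0.0/24" local-ID="1" peer-ID="1"
 auth-method="Secret" secret="mySecretPassword" mode="Immediate" blackhole="true"/>
</ipsec-ike>'''
READING = '''<ipsec-ike comment="toLondon">
<connection name="toLondon" local-ip="198.51.100.1" peer-ips="203.0.113.1"
 graph="LondonIPsec" routes="192.168.0.0/24" local-ID="1" peer-ID="1"
 auth-method="Secret" secret="mySecretPassword" mode="Immediate" blackhole="true"/>
</ipsec-ike>'''
# Assumed mapping WAN address -> LAN range behind it, taken from the network overview table.
LANS = {"203.0.113.1": "192.168.0.0/24", "198.51.100.1": "10.0.0.0/24"}

def connection(fragment):
    """Parse one <ipsec-ike> fragment and return its <connection> attributes (ParseError if malformed)."""
    conns = ET.fromstring(fragment).findall("connection")
    if len(conns) != 1:
        raise ValueError("expected exactly one <connection>")
    return conns[0].attrib

def check_pair(a_xml, b_xml, lans=LANS, min_secret=20):
    """Compare the two sides' connections; return a list of problems (empty list means OK)."""
    a, b = connection(a_xml), connection(b_xml)
    problems = []
    for side, other in ((a, b), (b, a)):
        name = side["name"]
        if side["peer-ips"] != other["local-ip"]:
            problems.append(f"{name}: peer-ips {side['peer-ips']} is not the other side's local-ip")
        if side["routes"] != lans.get(other["local-ip"]):
            problems.append(f"{name}: routes {side['routes']} is not the LAN behind the other side")
        if side.get("local-ID") != other.get("peer-ID"):
            problems.append(f"{name}: local-ID does not match the other side's peer-ID")
        if side.get("auth-method") != "Secret" or side.get("mode") != "Immediate":
            problems.append(f"{name}: auth-method/mode differ from the howto's Secret/Immediate")
        if side.get("blackhole") != "true":
            problems.append(f'{name}: blackhole="true" is not set')
    if a["secret"] != b["secret"]:
        problems.append("pre-shared secret differs between the two sides")
    if len(a["secret"]) < min_secret:  # assumed minimum; the howto's value is a placeholder
        problems.append(f"pre-shared secret shorter than {min_secret} characters; use a long random one")
    return problems

def check_rule(rule_xml, peer_wan):
    """True if a WAN-to-Self rule accepts ESP (IP protocol 50) only from the peer's WAN address."""
    r = ET.fromstring(rule_xml).attrib
    return r.get("protocol") == "50" and r.get("action") == "accept" and r.get("source-ip") == peer_wan
```

For the howto's values, `check_pair(LONDON, READING)` returns only the weak-secret warning, since mySecretPassword is a 16-character placeholder.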