Difference between revisions of "FireBrick to FireBrick IPsec (Howto)"

From AAISP Support Site
Jump to navigation Jump to search
[quality revision][quality revision]
m
m
Line 7: Line 7:
 
{| class="wikitable"
 
{| class="wikitable"
 
!
 
!
! FireBrick A
+
! FireBrick London
! FireBrick B
+
! FireBrick Reading
 
|-
 
|-
 
! LAN IP range
 
! LAN IP range
Line 21: Line 21:
 
We'll want to end up with machines on each LAN being able to contact each other.
 
We'll want to end up with machines on each LAN being able to contact each other.
   
==FireBrick A Config==
+
==FireBrick London Config==
   
  +
<ipsec-ike comment="toReading">
  +
<connection name="toReading" local-ip="203.0.113.1" peer-ips="198.51.100.1" graph="ReadingIPsec" routes="10.0.0.0/24" local-ID="1" peer-ID="1" auth-method="Secret" secret="mySecretPassword" mode="Immediate"/>
  +
</ipsec-ike>
   
 
==FireBrick B Config==
 
==FireBrick B Config==
  +
  +
<ipsec-ike comment="toLondon">
  +
<connection name="toLondon" local-ip="198.51.100.1" peer-ips="203.0.113.1" graph="LondonIPsec" routes="192.168.0.0/24"local-ID="1" peer-ID="1" auth-method="Secret" secret="mySecretPassword" mode="Immediate"/>
  +
</ipsec-ike>

Revision as of 15:59, 28 April 2015

Here we will use an IPsec tunnel between two FireBricks. We will use IKE2 and use a (strong) preshared password.

Manuals

Do read the manuals 12.1.3. Setting up Manual Keying

Network Overview:

FireBrick London FireBrick Reading
LAN IP range 192.168.0.0/24 10.0.0.0/24
WAN Address 203.0.113.1 198.51.100.1

We'll want to end up with machines on each LAN being able to contact each other.

FireBrick London Config

  <ipsec-ike comment="toReading">
     <connection name="toReading" local-ip="203.0.113.1" peer-ips="198.51.100.1" graph="ReadingIPsec" routes="10.0.0.0/24" local-ID="1" peer-ID="1" auth-method="Secret" secret="mySecretPassword" mode="Immediate"/>
  </ipsec-ike>

FireBrick B Config

  <ipsec-ike comment="toLondon">
     <connection name="toLondon" local-ip="198.51.100.1" peer-ips="203.0.113.1" graph="LondonIPsec" routes="192.168.0.0/24"local-ID="1" peer-ID="1" auth-method="Secret" secret="mySecretPassword" mode="Immediate"/>
  </ipsec-ike>