FireBrick to FireBrick IPsec (Howto): Difference between revisions

From AAISP Support Site
mNo edit summary
mNo edit summary
Line 7: Line 7:
{| class="wikitable"
{| class="wikitable"
!
!
! FireBrick A
! FireBrick London
! FireBrick B
! FireBrick Reading
|-
|-
! LAN IP range
! LAN IP range
Line 21: Line 21:
We'll want to end up with machines on each LAN being able to contact each other.
We'll want to end up with machines on each LAN being able to contact each other.


==FireBrick A Config==
==FireBrick London Config==


<ipsec-ike comment="toReading">
<connection name="toReading" local-ip="203.0.113.1" peer-ips="198.51.100.1" graph="ReadingIPsec" routes="10.0.0.0/24" local-ID="1" peer-ID="1" auth-method="Secret" secret="mySecretPassword" mode="Immediate"/>
</ipsec-ike>


==FireBrick B Config==
==FireBrick B Config==

<ipsec-ike comment="toLondon">
<connection name="toLondon" local-ip="198.51.100.1" peer-ips="203.0.113.1" graph="LondonIPsec" routes="192.168.0.0/24"local-ID="1" peer-ID="1" auth-method="Secret" secret="mySecretPassword" mode="Immediate"/>
</ipsec-ike>
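Review bot: the second heading is still "==FireBrick B Config==" on both sides of this hunk, although the same revision renames the first heading to "==FireBrick London Config==" and the table header to "FireBrick Reading"; rename it to "==FireBrick Reading Config==" so the page uses one name per device. In the toLondon connection line, routes="192.168.0.0/24" runs straight into local-ID="1" with no space between the attributes, which is not well-formed XML; add the missing space.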

Revision as of 14:59, 28 April 2015

Here we will set up an IPsec tunnel between two FireBricks. We will use IKEv2 with a (strong) pre-shared password.

Manuals

Do read the manuals: 12.1.3. Setting up Manual Keying

Network Overview:

{| class="wikitable"
!
! FireBrick London
! FireBrick Reading
|-
! LAN IP range
| 192.168.0.0/24
| 10.0.0.0/24
|-
! WAN Address
| 203.0.113.1
| 198.51.100.1
|}

We'll want to end up with machines on each LAN being able to contact each other.

FireBrick London Config

  <ipsec-ike comment="toReading">
     <connection name="toReading" local-ip="203.0.113.1" peer-ips="198.51.100.1" graph="ReadingIPsec" routes="10.0.0.0/24" local-ID="1" peer-ID="1" auth-method="Secret" secret="mySecretPassword" mode="Immediate"/>
  </ipsec-ike>

FireBrick Reading Config

  <ipsec-ike comment="toLondon">
     <connection name="toLondon" local-ip="198.51.100.1" peer-ips="203.0.113.1" graph="LondonIPsec" routes="192.168.0.0/24" local-ID="1" peer-ID="1" auth-method="Secret" secret="mySecretPassword" mode="Immediate"/>
  </ipsec-ike>
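The two snippets only form a tunnel if they mirror each other, so the following added example (not part of the original page or of FireBrick's tooling) parses both and reports mismatches before they are loaded. The function names, the `LANS` mapping and the treatment of `peer-ips` as space-separated addresses or CIDR prefixes are assumptions made for this example.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Configs as given on this page; LAN ranges come from the Network Overview table.
LONDON = """<ipsec-ike comment="toReading">
<connection name="toReading" local-ip="203.0.113.1" peer-ips="198.51.100.1" graph="ReadingIPsec" routes="10.0.0.0/24" local-ID="1" peer-ID="1" auth-method="Secret" secret="mySecretPassword" mode="Immediate"/>
</ipsec-ike>"""
READING = """<ipsec-ike comment="toLondon">
<connection name="toLondon" local-ip="198.51.100.1" peer-ips="203.0.113.1" graph="LondonIPsec" routes="192.168.0.0/24" local-ID="1" peer-ID="1" auth-method="Secret" secret="mySecretPassword" mode="Immediate"/>
</ipsec-ike>"""
LANS = {"toReading": "192.168.0.0/24", "toLondon": "10.0.0.0/24"}  # LAN behind each end
PLACEHOLDER_SECRETS = {"mySecretPassword"}  # example value printed on this page


def connection(xml_text):
    """Parse one <ipsec-ike> snippet and return its <connection> attributes."""
    return ET.fromstring(xml_text).find("connection").attrib


def check_pair(xml_a, xml_b, lans=LANS):
    """Return a list of problems; an empty list means the two ends mirror each other."""
    try:
        a, b = connection(xml_a), connection(xml_b)
    except ET.ParseError as exc:  # e.g. two attributes with no space between them
        return [f"malformed XML: {exc}"]
    problems = []
    for me, peer in ((a, b), (b, a)):
        name = me["name"]
        allowed = [ipaddress.ip_network(p, strict=False) for p in me["peer-ips"].split()]
        if not any(ipaddress.ip_address(peer["local-ip"]) in net for net in allowed):
            problems.append(f"{name}: peer-ips does not cover the peer's local-ip")
        if ipaddress.ip_network(me["routes"]) != ipaddress.ip_network(lans[peer["name"]]):
            problems.append(f"{name}: routes is not the LAN behind the peer")
        if me["local-ID"] != peer["peer-ID"]:
            problems.append(f"{name}: local-ID does not match the peer's peer-ID")
    for attr in ("auth-method", "secret"):
        if a[attr] != b[attr]:
            problems.append(f"{attr} differs between the two ends")
    if a["secret"] in PLACEHOLDER_SECRETS:
        problems.append("secret is the documentation placeholder, replace it")
    return problems


if __name__ == "__main__":
    for line in check_pair(LONDON, READING) or ["tunnel ends are consistent"]:
        print(line)
```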