Difference between revisions of "FireBrick to FireBrick IPsec (Howto)"
[quality revision] | [quality revision] |
m |
m |
||
Line 7: | Line 7: | ||
{| class="wikitable" |
{| class="wikitable" |
||
! |
! |
||
− | ! FireBrick |
+ | ! FireBrick London |
− | ! FireBrick |
+ | ! FireBrick Reading |
|- |
|- |
||
! LAN IP range |
! LAN IP range |
||
Line 21: | Line 21: | ||
We'll want to end up with machines on each LAN being able to contact each other. |
We'll want to end up with machines on each LAN being able to contact each other. |
||
− | ==FireBrick |
+ | ==FireBrick London Config== |
+ | <ipsec-ike comment="toReading"> |
||
+ | <connection name="toReading" local-ip="203.0.113.1" peer-ips="198.51.100.1" graph="ReadingIPsec" routes="10.0.0.0/24" local-ID="1" peer-ID="1" auth-method="Secret" secret="mySecretPassword" mode="Immediate"/> |
||
+ | </ipsec-ike> |
||
==FireBrick B Config== |
==FireBrick B Config== |
||
+ | |||
+ | <ipsec-ike comment="toLondon"> |
||
+ | <connection name="toLondon" local-ip="198.51.100.1" peer-ips="203.0.113.1" graph="LondonIPsec" routes="192.168.0.0/24"local-ID="1" peer-ID="1" auth-method="Secret" secret="mySecretPassword" mode="Immediate"/> |
||
+ | </ipsec-ike> |
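Review bot: In the added toLondon connection line, routes="192.168.0.0/24"local-ID="1" has no whitespace between the two attributes, so the element is not well-formed XML and a strict parser will reject it; add a space before local-ID. The unchanged heading above it still reads "FireBrick B Config" while the table columns and the other heading were renamed to London and Reading, so it should become "FireBrick Reading Config". Both ends also carry the literal secret "mySecretPassword"; since the intro asks for a strong preshared password, say in the text that this value is a placeholder to be replaced.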
Revision as of 15:59, 28 April 2015
Here we will use an IPsec tunnel between two FireBricks. We will use IKEv2 with a (strong) pre-shared password.
Manuals
Do read the manuals 12.1.3. Setting up Manual Keying
Network Overview:
| | FireBrick London | FireBrick Reading |
|---|---|---|
| LAN IP range | 192.168.0.0/24 | 10.0.0.0/24 |
| WAN Address | 203.0.113.1 | 198.51.100.1 |
We'll want to end up with machines on each LAN being able to contact each other.
FireBrick London Config
<ipsec-ike comment="toReading">
  <connection name="toReading" local-ip="203.0.113.1" peer-ips="198.51.100.1" graph="ReadingIPsec" routes="10.0.0.0/24" local-ID="1" peer-ID="1" auth-method="Secret" secret="mySecretPassword" mode="Immediate"/>
</ipsec-ike>
FireBrick Reading Config
<ipsec-ike comment="toLondon">
  <connection name="toLondon" local-ip="198.51.100.1" peer-ips="203.0.113.1" graph="LondonIPsec" routes="192.168.0.0/24" local-ID="1" peer-ID="1" auth-method="Secret" secret="mySecretPassword" mode="Immediate"/>
</ipsec-ike>
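The two ends only come up if each config mirrors the other, so here is an added example (not part of the original page and not FireBrick tooling) that parses both fragments and reports any mismatch, including attributes run together without a space. The function names are hypothetical, and it assumes peer-ips and routes are whitespace-separated lists.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed inputs: the two fragments and LAN ranges shown on this page.
LONDON = """<ipsec-ike comment="toReading">
<connection name="toReading" local-ip="203.0.113.1" peer-ips="198.51.100.1" graph="ReadingIPsec" routes="10.0.0.0/24" local-ID="1" peer-ID="1" auth-method="Secret" secret="mySecretPassword" mode="Immediate"/>
</ipsec-ike>"""
READING = """<ipsec-ike comment="toLondon">
<connection name="toLondon" local-ip="198.51.100.1" peer-ips="203.0.113.1" graph="LondonIPsec" routes="192.168.0.0/24" local-ID="1" peer-ID="1" auth-method="Secret" secret="mySecretPassword" mode="Immediate"/>
</ipsec-ike>"""
LONDON_LAN, READING_LAN = "192.168.0.0/24", "10.0.0.0/24"


def connection(xml_text):
    """Return the <connection> attributes; malformed XML raises ET.ParseError."""
    return ET.fromstring(xml_text).find("connection").attrib


def check_pair(a_xml, b_xml, a_lan, b_lan):
    """List the ways two peer configs fail to mirror each other ([] = consistent)."""
    try:
        a, b = connection(a_xml), connection(b_xml)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems = []
    for me, peer, peer_lan in ((a, b, b_lan), (b, a, a_lan)):
        name = me.get("name", "?")
        # Assumption: peer-ips and routes are whitespace-separated lists.
        if peer.get("local-ip") not in me.get("peer-ips", "").split():
            problems.append(f"{name}: peer-ips lacks the peer's local-ip")
        routes = [ipaddress.ip_network(r) for r in me.get("routes", "").split()]
        if ipaddress.ip_network(peer_lan) not in routes:
            problems.append(f"{name}: routes lacks the peer LAN {peer_lan}")
        if me.get("local-ID") != peer.get("peer-ID"):
            problems.append(f"{name}: local-ID differs from the peer's peer-ID")
    if a.get("auth-method") != b.get("auth-method"):
        problems.append("auth-method differs between the two ends")
    if a.get("secret") != b.get("secret"):
        problems.append("secret differs between the two ends")  # never print it
    return problems


if __name__ == "__main__":
    for line in check_pair(LONDON, READING, LONDON_LAN, READING_LAN) or ["consistent"]:
        print(line)
```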