This is the support site for Andrews & Arnold Ltd, a UK Internet provider. Information on these pages is generally for our customers but may be useful to others, enjoy!
Difference between revisions of "FireBrick to FireBrick IPsec (Howto)"
Jump to navigation
Jump to search
| [quality revision] | [quality revision] |
m (AA-Andrew moved page FireBrick IPsec to FireBrick to FireBrick to FireBrick IPsec (Howto)) |
m |
||
| Line 25: | Line 25: | ||
<ipsec-ike comment="toReading"> |
<ipsec-ike comment="toReading"> |
||
| − | <connection name="toReading" local-ip="203.0.113.1" peer-ips="198.51.100.1" graph="ReadingIPsec" routes="10.0.0.0/24" local-ID="1" peer-ID="1" auth-method="Secret" secret="mySecretPassword" mode="Immediate"/> |
+ | <connection name="toReading" local-ip="203.0.113.1" peer-ips="198.51.100.1" graph="ReadingIPsec" routes="10.0.0.0/24" local-ID="1" peer-ID="1" auth-method="Secret" secret="mySecretPassword" mode="Immediate" blackhole="true"/> |
</ipsec-ike> |
</ipsec-ike> |
||
| Line 35: | Line 35: | ||
<ipsec-ike comment="toLondon"> |
<ipsec-ike comment="toLondon"> |
||
| − | <connection name="toLondon" local-ip="198.51.100.1" peer-ips="203.0.113.1" graph="LondonIPsec" routes="192.168.0.0/24"local-ID="1" peer-ID="1" auth-method="Secret" secret="mySecretPassword" mode="Immediate"/> |
+ | <connection name="toLondon" local-ip="198.51.100.1" peer-ips="203.0.113.1" graph="LondonIPsec" routes="192.168.0.0/24"local-ID="1" peer-ID="1" auth-method="Secret" secret="mySecretPassword" mode="Immediate" blackhole="true"/> |
</ipsec-ike> |
</ipsec-ike> |
||
Revision as of 15:44, 6 May 2015
Here we will use an IPsec tunnel between two FireBricks. We will use IKE2 and use a (strong) preshared password.
Manuals
Do read the official FireBrick manuals for more information this is just a simple howto, which just covers the basics.
Network Overview:
| FireBrick London | FireBrick Reading | |
|---|---|---|
| LAN IP range | 192.168.0.0/24 | 10.0.0.0/24 |
| WAN Address | 203.0.113.1 | 198.51.100.1 |
We'll want to end up with machines on each LAN being able to contact each other.
FireBrick London Config
<ipsec-ike comment="toReading">
<connection name="toReading" local-ip="203.0.113.1" peer-ips="198.51.100.1" graph="ReadingIPsec" routes="10.0.0.0/24" local-ID="1" peer-ID="1" auth-method="Secret" secret="mySecretPassword" mode="Immediate" blackhole="true"/>
</ipsec-ike>
If you firewall WAN to 'Self' (The Firebrick, then a firewall filter may be needed too, eg:
<rule name="IPsec from London FB" protocol="50" action="accept" source-ip="198.51.100.1"/>
FireBrick B Config
<ipsec-ike comment="toLondon">
<connection name="toLondon" local-ip="198.51.100.1" peer-ips="203.0.113.1" graph="LondonIPsec" routes="192.168.0.0/24"local-ID="1" peer-ID="1" auth-method="Secret" secret="mySecretPassword" mode="Immediate" blackhole="true"/>
</ipsec-ike>
If you firewall WAN to 'Self' (The Firebrick, then a firewall filter may be needed too, eg:
<rule name="IPsec from Reading FB" protocol="50" action="accept" source-ip="203.0.113.1"/>