Difference between revisions of "FireBrick to FireBrick IPsec (Howto)"

From AAISP Support Site
Revision as of 15:19, 30 June 2015


Here we will use an IPsec tunnel between two FireBricks. We will use IKEv2 and use a preshared-secret password.

Note that the password shown in the config entries below is an example only. A strong passphrase should be used in a real config.

Manuals

Do read the official FireBrick manuals for more information - this is just a simple howto covering the basics.

Network Overview:

                  FireBrick London    FireBrick Reading
  LAN IP range    192.168.0.0/24      10.0.0.0/24
  WAN Address     203.0.113.1         198.51.100.1

We'll want to end up with machines on each LAN being able to contact each other.

FireBrick London Config

  <ipsec-ike comment="toReading">
    <!-- routes: the far LAN reached through this tunnel; blackhole="true" keeps those routes as blackholes while the tunnel is down, so traffic for Reading is dropped rather than sent unencrypted via the default route -->
    <connection name="toReading" local-ip="203.0.113.1" peer-ips="198.51.100.1" graph="ReadingIPsec" routes="10.0.0.0/24" local-ID="1" peer-ID="1" auth-method="Secret" secret="mySecretPassword" mode="Immediate" blackhole="true"/>
  </ipsec-ike>

If you firewall WAN to 'Self' (the FireBrick), then a firewall filter may be needed too. The rule below accepts the ESP packets (IP protocol 50) from the Reading FireBrick's WAN address; the IKEv2 negotiation itself runs over UDP port 500 (and UDP 4500 where NAT traversal is in use), so that traffic from the peer must also be allowed through. Eg:

    <!-- ESP (IP protocol 50) from the Reading FireBrick's WAN address -->
    <rule name="IPsec from Reading FB" protocol="50" action="accept" source-ip="198.51.100.1"/>

FireBrick Reading Config

  <ipsec-ike comment="toLondon">
    <!-- mirror of the London side: local and peer addresses swapped, routes carries the London LAN, same pre-shared secret -->
    <connection name="toLondon" local-ip="198.51.100.1" peer-ips="203.0.113.1" graph="LondonIPsec" routes="192.168.0.0/24" local-ID="1" peer-ID="1" auth-method="Secret" secret="mySecretPassword" mode="Immediate" blackhole="true"/>
  </ipsec-ike>

If you firewall WAN to 'Self' (the FireBrick), then a firewall filter may be needed too, this time accepting ESP from the London FireBrick's WAN address, eg:

    <!-- ESP (IP protocol 50) from the London FireBrick's WAN address -->
    <rule name="IPsec from London FB" protocol="50" action="accept" source-ip="203.0.113.1"/>
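The two sides must mirror each other exactly, and a typo in one address or secret is the usual reason a tunnel like this never comes up. As an added example (not part of this howto and not FireBrick tooling), here is a small Python check that parses both fragments and reports where they disagree: peer address, routed far LAN, shared secret, and the ESP firewall rule. The `<config>` wrapper around each fragment and the LAN ranges passed in as arguments are assumptions made by the check, not FireBrick syntax.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed samples: the London and Reading fragments from this howto, each
# wrapped in an assumed <config> root so it parses as one XML document.
LONDON = """<config>
<ipsec-ike comment="toReading"><connection name="toReading" local-ip="203.0.113.1" peer-ips="198.51.100.1" routes="10.0.0.0/24" local-ID="1" peer-ID="1" auth-method="Secret" secret="mySecretPassword" mode="Immediate" blackhole="true"/></ipsec-ike>
<rule name="IPsec from Reading FB" protocol="50" action="accept" source-ip="198.51.100.1"/>
</config>"""
READING = """<config>
<ipsec-ike comment="toLondon"><connection name="toLondon" local-ip="198.51.100.1" peer-ips="203.0.113.1" routes="192.168.0.0/24" local-ID="1" peer-ID="1" auth-method="Secret" secret="mySecretPassword" mode="Immediate" blackhole="true"/></ipsec-ike>
<rule name="IPsec from London FB" protocol="50" action="accept" source-ip="203.0.113.1"/>
</config>"""

def site(xml_text):
    """Pull the fields the check needs out of one site's config fragment."""
    root = ET.fromstring(xml_text)
    conn, rule = root.find("ipsec-ike/connection"), root.find("rule")
    split = lambda s: s.replace(",", " ").split()  # accept comma- or space-separated lists
    return {
        "name": conn.get("name"),
        "wan": ipaddress.ip_address(conn.get("local-ip")),
        "peers": [ipaddress.ip_address(p) for p in split(conn.get("peer-ips"))],
        "routes": [ipaddress.ip_network(r) for r in split(conn.get("routes"))],
        "secret": conn.get("secret", ""),
        "esp_from": None if rule is None else ipaddress.ip_address(rule.get("source-ip")),
        "esp_proto": None if rule is None else rule.get("protocol"),
    }

def check_pair(xml_a, lan_a, xml_b, lan_b):
    """Return a list of problems; an empty list means the two sides agree."""
    a, b = site(xml_a), site(xml_b)
    lan_a, lan_b = ipaddress.ip_network(lan_a), ipaddress.ip_network(lan_b)
    problems = []
    if a["secret"] != b["secret"]:
        problems.append("pre-shared secrets differ; IKE authentication will fail")
    elif len(a["secret"]) < 20:
        problems.append("pre-shared secret is short; use a long random passphrase")
    if lan_a.overlaps(lan_b):
        problems.append("LAN ranges overlap; routes across the tunnel would be ambiguous")
    # Each side must point at the other's WAN, route the other's LAN, and accept ESP from the other's WAN.
    for me, other, far_lan in ((a, b, lan_b), (b, a, lan_a)):
        if other["wan"] not in me["peers"]:
            problems.append(f"{me['name']}: peer-ips does not list {other['wan']}")
        if far_lan not in me["routes"]:
            problems.append(f"{me['name']}: routes does not carry the far LAN {far_lan}")
        if me["esp_proto"] != "50" or me["esp_from"] != other["wan"]:
            problems.append(f"{me['name']}: firewall should accept protocol 50 from {other['wan']}")
    return problems
```

Run against the howto's fragments it reports only that the example secret is short; edit one address or the secret on one side and the matching mismatch is listed by connection name.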