
[Users] RoadWarrior user identify.

From: Carles Xavier Munyoz Baldó (carles_at_descom.es)
Date: Tue Mar 26 2002 - 10:03:04 CET


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,
I have the following network topology:

                                        |--------|
                                     |--| IPSEC1 |
                           |------|--|  |--------|
- -------------------------|  FW  |
     |          |          |------|--|  |--------|
 |-------| |--------|                |--| IPSEC2 |
 | HOSTA | | HOST B |                   |--------|
 |-------| |--------|

HOSTA and HOSTB are IP service servers protected by the FW (firewall) host.
The FW host has IP Tables and FreeS/WAN IPSEC with the X.509 certificates
patch.
IPSEC1 and IPSEC2 are hosts that connect to the HOSTA and HOSTB servers using
preformed IPSEC tunnels.
IPSEC1 and IPSEC2 have dynamic IPs; for this reason I have configured IPSEC
on the FW to accept RoadWarrior connections authenticated by X.509
certificate.

Well, I have the following problem.
I want host IPSEC1 to have access to HOSTA but not to HOSTB, and IPSEC2 to
have access to HOSTB and not to HOSTA.
How can I do it?
The problem is that I don't know how to identify the IPSEC1 host and the IPSEC2
host in the FW rules (I cannot use the IP because it is dynamic).
Can someone help me?

Greetings.
- ---
Carles Xavier Munyoz Baldó
carles_at_descom.es
Descom Consulting
Telf: +34 965861024
Fax: +34 965861024
http://www.descom.es/
- ---
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQA/AwUBPKA5SDvYAf7VZNaaEQLYbwCgjCNpGkPBYwaeEMHBBabboiNfYpoAmQHK
07NcNbC9NnX8IqpyjsOyVD8y
=HS72
-----END PGP SIGNATURE-----



This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:46 CEST