Hello everyone,
Firstly I appologise if this is not primarily a FreeSwan question. I have
had little luck finding examples of how to secure my home lan set up and was
wondering if you could help point the way. I have a Linux FW/WebProxy with
FreeSwan installed (yet not configured) in front of a W2K server. The W2K
server acts as a gateway to a number of Windows clients with dynamic IP's.
The clients are connected via a unsecured wireless network. My primary aim
is to secure all the internal traffic, and secondly, build a VPN from the
internet side through to the W2K server.
I have a IPSec policy inplace between the windows clients - the policy
states all traffic destined for the 10.0.1.0 network should be encrypted,
unecrpypted traffic destined for the secure 10.0.55.0 network is in the
clear - the W2K server just forwarding the IP on to the Linux box.
The topology is below:
Secure Not Secured
| |
Internet --- Linux/ : ============== : Windows 2K : -------------- :
Windows Client
FreeSwan | 10.0.1.0 | /IPSec | 10.1.55.0 | /
Dynamic IP
| | | | /
IPSec
| | | |
10.0.1.1 10.0.1.2 10.0.55.1 10.0.55.*
My initial question is how to secure *all* traffic over the wireless
10.1.55.0 network. This includes encrypting all traffic and filtering out
any rogue clients. Do I need to have the FW require IPSec trafic in its
10.0.1.1 interface? or is there a way to get the dynamic clients to tunnel
via the W2K gateway.
Any insight or help greatly appreciated!
Thanks
R
_________________________________________________________________
MSN Photos is the easiest way to share and print your photos:
http://photos.msn.com/support/worldwide.aspx
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:47 CEST