RE: [Users] Are virtual IPs on Windows Road Warriors possible?

From: Stauffer Walter (stauffer_at_galenica.ch)
Date: Fri Nov 08 2002 - 14:15:29 CET


In a remotely similar situation I am using Zebra / OSPF to announce routes to
the internal network. Of course it's an additional complication and one more
thing which may fail ;-)

Best regards,
Walter

> -----Original Message-----
> From: C. Jim [mailto:sutabacoffeeloverjp_at_yahoo.co.jp]
> Sent: Friday, November 08, 2002 10:59 AM
> To: users_at_lists.freeswan.org
> Subject: [Users] Are virtual IPs on Windows Road Warriors possible?
>
>
> Am I mistaken? Are virtual IPs on Windows Road Warriors
> possible?
>
> I am trying to implement Freeswan with Win2K/XP road
> warriors, I had it working perfectly in a local test
> environment, but taking it global is proving to be quite a
> challenge. Here's the global setup.
>
>    {Internet}
>         |
>         |
>     [Router]-------+---------[Firewall#1]-----------{DMZ#1}
>                    |              |
> {DMZ#2}--[Firewall#2]             |
>                    |              |
>       [Freeswan/RHL7.3]---[Catalyst6506]----{Private Network}
>
>
> My thinking behind setting it up like this was to protect
> the Freeswan server from outside attacks (just another
> layer of firewall protection from Firewall #2 based on IP
> address filtering) and the global IP addressing around the
> two firewalls and DMZs. Previously, there was no
> connection between Firewall #2 and the Catalyst 6506.
> Another consideration is the fact that Firewall #1 is
> covered by a service contract which doesn't allow us to
> change the rule set on the fly, unlike Firewall #2, which
> is a Dell PowerEdge with RH and iptables that we built a
> while ago.
>
> Here's my problem. Using Marcus Muller's VPN Tool, I am
> able to securely connect to the Freeswan server in a
> global environment. However, I am not able to get into
> the company network. The reason, I believe, being that
> the Catalyst is sending the return packets to Firewall
> #1(default route) instead of the Freeswan server. I don't
> know of any way to dynamically add the road warrior's IP
> address to route through the Freeswan server. However, I
> am kind of leery of doing that anyways though.
>
> My thinking then was if I could have the Windows Road
> Warriors setup with a virtual IP address, I could then
> simply add a static route to that virtual subnet routing
> it through the Freeswan server and it would take over from
> there. However, it seems like W2K at least (haven't tried
> XP yet) doesn't support virtual IP addresses. Is this
> correct?
>
> Does anyone have any suggestions? Is there a better way
> to layout this than what I have above?
>
> Any suggestions would be greatly appreciated.
>
> Jim
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
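
Added example (not part of the original messages): a Python sketch of the next-hop decision on the core switch described in the question. It shows why replies to a road warrior's public address follow the default route to Firewall #1, while a virtual-IP subnet with a static route returns through the FreeS/WAN gateway. All addresses, the pool 10.99.0.0/24 and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample data (RFC 1918 / RFC 5737 ranges); nothing here is
# taken from the thread except the roles of the devices.
FIREWALL1 = "firewall1"   # the Catalyst's default route, per the question
FREESWAN = "freeswan"     # the FreeS/WAN gateway
VIRTUAL_POOL = "10.99.0.0/24"  # hypothetical road-warrior virtual subnet

def build_table(routes):
    """Turn (prefix, next_hop) pairs into a routing table."""
    return [(ipaddress.ip_network(prefix), hop) for prefix, hop in routes]

def next_hop(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def pool_conflicts(table, pool):
    """Non-default routes that overlap a proposed virtual pool.

    An overlapping pool would collide with addresses already in use
    on the inside, so it should come back empty before deployment.
    """
    pool_net = ipaddress.ip_network(pool)
    return [str(net) for net, _ in table
            if net.prefixlen > 0 and net.overlaps(pool_net)]

# Core switch before the change: private network plus default route.
BEFORE = build_table([("0.0.0.0/0", FIREWALL1),
                      ("10.0.0.0/16", "connected")])

# After adding one static route for the virtual pool via the gateway.
AFTER = build_table([("0.0.0.0/0", FIREWALL1),
                     ("10.0.0.0/16", "connected"),
                     (VIRTUAL_POOL, FREESWAN)])

if __name__ == "__main__":
    cases = [("public source, no static route", BEFORE, "198.51.100.23"),
             ("public source, static route added", AFTER, "198.51.100.23"),
             ("virtual IP, no static route", BEFORE, "10.99.0.5"),
             ("virtual IP, static route added", AFTER, "10.99.0.5")]
    for label, table, dst in cases:
        print(f"{label:36} reply to {dst:15} -> {next_hop(table, dst)}")
    print("pool conflicts:", pool_conflicts(BEFORE, VIRTUAL_POOL))
```

Only the last case sends the reply back through the tunnel endpoint; the static route alone does nothing for clients that keep their public source address.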



This archive was generated by hypermail 2.1.5 : Sat Nov 09 2002 - 05:20:36 CET