The UK Home Automation Archive


The UKHA-ARCHIVE IS CEASING OPERATIONS 31 DEC 2024


RE: Re: [OT] VPN between firewalls


  • To: <ukha_d@xxxxxxx>
  • Subject: RE: Re: [OT] VPN between firewalls
  • From: "Pedro de Oliveira" <p.oliveira@xxxxxxx>
  • Date: Mon, 18 Aug 2003 12:33:53 +0100
  • Mailing-list: list ukha_d@xxxxxxx; contact ukha_d-owner@xxxxxxx
  • Reply-to: ukha_d@xxxxxxx

Hi Mark

Firewall1 is IPCop 1.3
Firewall2 is SOHO6tc (Watchguard)

You're right - the ranges are incorrect. What I meant was, this is the
range available to DHCP clients... Sorry for the confusion.

I will take a look and see if there is an option to configure the access
rules on the firewall.

Thanks for the help
Pedro

-----Original Message-----
From: mark_harrison_uk2 [mailto:mph@xxxxxxx]
Sent: 18 August 2003 12:20
To: ukha_d@xxxxxxx
Subject: [ukha_d] Re: [OT] VPN between firewalls


Pedro,

I don't believe there's any generic answer at the firewall level.

What firewall are you using?

In Firewall-1, you'd simply untick the "allow all access" box on the
VPN setup, and create a set of access rules for the access you wanted
to allow.

The best answer, sadly, would be to set up the two "special" machines
on a different subnet entirely, and create 2 VPNs - one from
Location2.Network1 to Location1, one from Location2.Network2 to
Location1.

Hopefully your router will also route local subnets, so
Location2.Network1 and Location2.Network2 will be able to see each
other. Again, how you do this depends heavily on the router you use.

It's worth mentioning that the ranges you give can't actually be
right - VPN subnets have to fall on contiguous network boundaries, so
actually the subnets are 192.168.0.0-192.168.0.255 and
192.168.11.0-192.168.11.255.

Even if you aren't using the extra IP addresses at the end, it would
be possible for someone with physical access to your network to give
himself such an address, and therefore have access at the IP level to
both networks.

Regards,

Mark
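
The point made in the thread, that a tunnel is defined on whole subnets while a DHCP pool is only a range inside one, can be checked with a short script. This is an added example, not part of either poster's message; the pool bounds 192.168.0.100-192.168.0.200 are constructed sample values and the function names are hypothetical.

```python
import ipaddress


def tunnel_exposure(pool_start, pool_end, tunnel_cidr):
    """Compare a DHCP pool with the subnet a site-to-site VPN policy covers."""
    start = ipaddress.IPv4Address(pool_start)
    end = ipaddress.IPv4Address(pool_end)
    tunnel = ipaddress.IPv4Network(tunnel_cidr)
    if start > end or start not in tunnel or end not in tunnel:
        raise ValueError("DHCP pool must be an ordered range inside the tunnel subnet")

    # Smallest list of CIDR blocks that covers exactly the pool. More than one
    # block means the pool cannot be written as a single subnet on the VPN.
    blocks = list(ipaddress.summarize_address_range(start, end))

    # Usable host addresses the tunnel carries but DHCP never hands out.
    # A statically configured machine on any of these still crosses the VPN.
    outside = [h for h in tunnel.hosts() if not start <= h <= end]

    return {
        "pool_blocks": blocks,
        "pool_is_one_subnet": len(blocks) == 1,
        "hosts_outside_pool": len(outside),
    }


def crosses_tunnel(address, tunnel_cidr):
    """True if traffic from this address matches the tunnel's subnet selector."""
    return ipaddress.IPv4Address(address) in ipaddress.IPv4Network(tunnel_cidr)


if __name__ == "__main__":
    # Constructed sample: a pool inside the 192.168.0.0/24 subnet from the thread.
    report = tunnel_exposure("192.168.0.100", "192.168.0.200", "192.168.0.0/24")
    print("pool as CIDR blocks:", [str(b) for b in report["pool_blocks"]])
    print("pool is a single subnet:", report["pool_is_one_subnet"])
    print("tunnel hosts outside the pool:", report["hosts_outside_pool"])
    print("192.168.0.250 crosses tunnel:", crosses_tunnel("192.168.0.250", "192.168.0.0/24"))
```

Access rules on the tunnel, or the separate subnets suggested in the thread, are what narrow this gap; the DHCP range alone does not.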

