
Re: [Users] Connect 3 networks

From: Sam Sgro <sam(at)freeswan.org>
Date: Thu Oct 02 2003 - 03:22:47 EDT

On Thursday 02 October 2003 03:08, Thomas Schmidt wrote:
> Ipsec-gw1 has a static ip, ipsec-gw2 and 3 have dynamic ip's. The

Yes, this is possible.

Given that the Cisco box is requesting an appropriate tunnel, it looks like all you need to do is add the necessary connection on the FreeS/WAN side:

conn gw2-viagw1-gw3
	left=%defaultroute          # me
	leftsubnet=192.168.3.0/24   # gw2 gets to gw3's net through me
	right=gw2.IP.add.ress       # gw2
	rightsubnet=192.168.2.0/24  # gw2's net
	... 

conn gw3-viagw1-gw2
	left=%defaultroute          # me
	leftsubnet=192.168.2.0/24   # gw3 gets to gw2's net through me
	right=gw3.IP.add.ress       # gw3
	rightsubnet=192.168.3.0/24  # gw3's net
	...

These connections should be identical to the working conns between gw1 and gw2/gw3 in each case. You may benefit from the "also" parameter to inherit common settings between connections. See the man page for ipsec.conf, e.g.:

conn gw2-viagw1-gw3
	left=%defaultroute          # me
	leftsubnet=192.168.3.0/24   # gw2 gets to gw3's net through me
	right=gw2.IP.add.ress       # gw2
	rightsubnet=192.168.2.0/24  # gw2's net
	also=gw2-auth
	auto=start

conn gw2-gw1
	left=%defaultroute          # me
	leftsubnet=192.168.5.0/24   # my net
	right=gw2.IP.add.ress       # gw2
	rightsubnet=192.168.2.0/24  # gw2's net
	also=gw2-auth
	auto=start

conn gw2-auth
	rightid=@bleh
	leftid=@blah
	ikelifetime=123123s
	authby=secret

-- Sam Sgro sam@freeswan.org




FreeS/WAN Users mailing list
users@lists.freeswan.org
https://mj2.freeswan.org/cgi-bin/mj_wwwusr

Received on Thu Oct 2 03:37:36 2003
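
Added example (not part of the message above and not FreeS/WAN code): a Python check for the hub-side conns the reply describes. It parses conn sections, expands also=, and reports relay conns that have no reverse-direction partner. The sample config, the example.net hosts and the hub-auth section name are constructed, and letting a conn's own keys override also= values is an assumption of this example.

```python
import re

# Constructed hub (gw1) config in the style of the message; hosts and the
# hub-auth section name are placeholders, not values from the thread.
SAMPLE = """
conn gw2-viagw1-gw3
    leftsubnet=192.168.3.0/24   # gw2 gets to gw3's net through me
    rightsubnet=192.168.2.0/24  # gw2's net
    also=hub-auth
conn gw3-viagw1-gw2
    leftsubnet=192.168.2.0/24   # gw3 gets to gw2's net through me
    rightsubnet=192.168.3.0/24  # gw3's net
    also=hub-auth
conn gw2-gw1
    leftsubnet=192.168.5.0/24   # my net
    rightsubnet=192.168.2.0/24
    also=hub-auth
conn hub-auth
    authby=secret
"""

def parse_conns(text):
    """Map conn name -> [(key, value)]; a blank or unindented line ends a section."""
    conns, cur = {}, None
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()  # drop trailing comments
        head = re.match(r"conn\s+(\S+)$", line)
        if head or not raw.strip() or not raw[0].isspace():
            cur = conns.setdefault(head.group(1), []) if head else None
        elif cur is not None and "=" in line:
            cur.append(tuple(line.strip().split("=", 1)))
    return conns

def resolve(conns, name, seen=()):
    """Flatten a conn, pulling in sections named by also= (local keys win: an assumption)."""
    if name in seen or name not in conns:
        raise ValueError(f"bad also= reference: {name}")
    flat = {}
    for key, val in conns[name]:
        extra = resolve(conns, val, seen + (name,)) if key == "also" else {}
        flat = {**extra, **flat} if key == "also" else {**flat, key: val}
    return flat

def unmirrored(conns, hub_nets):
    """Relay conns (leftsubnet not one of the hub's own nets) with no reverse-direction conn."""
    flat = [(n, resolve(conns, n)) for n in conns]
    pairs = {(c["leftsubnet"], c["rightsubnet"]): n for n, c in flat
             if {"leftsubnet", "rightsubnet"} <= c.keys() and c["leftsubnet"] not in hub_nets}
    return sorted(n for (l, r), n in pairs.items() if (r, l) not in pairs)
```

Call unmirrored(parse_conns(text), {"192.168.5.0/24"}) with the hub's own subnet(s) so the direct hub-to-spoke conns are not treated as relay conns. In this parser a blank line directly after a conn header ends the section, so that conn is read as empty and its partner is reported.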

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:01:39 EDT

