|
wiggles
Miffed a Milf
Registered: 11/09/05
Posts: 2,615
Last seen: 10 years, 7 months
|
VPN help needed
#7265902 - 08/06/07 10:55 AM (16 years, 7 months ago) |
|
|
Greetings all! I am in the midst of deploying a VPN, and of course our vpn engineer is on vacation in China. So, I am pretty much on my own to do this, and it sucks.
Here is the layout: The client has two sites that need a perpetual IPSec tunnel between them. Each site is connected to the internet via a business class cable gateway/modem. The VPN appliances we're using are SonicWall TZ-190's, which will be located directly behind the gateways. No dhcp is being used anywhere, each device is going to be using the cable modem as its default gateway.
So, when a machine sends anything, it will go to the default gateway first. Would I need to set up a route so that any traffic that is destined for site b gets passed from the gateway to the firewall, and then gets passed to the vpn tunnel? Am I doing this ass backwards?
I am just getting started with networking and I am feeling completely overwhelmed at the moment. This site to site vpn has to be up by the end of the week, and the CEO is breathing down my neck.
I've been grinding away at this stuff so much that its kind of muddled in my head.
-------------------- You can turn your back on a person, but never turn your back on a drug, especially when its waving a razor sharp hunting knife in your eye. Hunter S. Thompson
|
Seuss
Error: divide byzero
Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 1 month, 19 days
|
Re: VPN help needed [Re: wiggles]
#7267016 - 08/06/07 04:48 PM (16 years, 7 months ago) |
|
|
-------------------- Just another spore in the wind.
|
Seuss
Error: divide byzero
Registered: 04/27/01
Posts: 23,480
Loc: Caribbean
Last seen: 1 month, 19 days
|
Re: VPN help needed [Re: Seuss]
#7267058 - 08/06/07 04:58 PM (16 years, 7 months ago) |
|
|
Hmmm... just read Part 9 VPN Chapter 44 of the SonicOS_Enhanced_3.8_Administrators_Guide and it seems pretty easy (famous last words). You are creating a site to site VPN... ignore all the global client crap. Once you create the VPN using the wizard, it creates access rules for you to the proper zones (vpn->lan, lan->vpn, lan->dmz, etc)
Quote:
So, when a machine sends anything, it will go to the default gateway first. Would I need to set up a route so that any traffic that is destined for site b gets passed from the gateway to the firewall, and then gets passed to the vpn tunnel? Am I doing this ass backwards?
If I am reading it correctly, you don't need to worry about any of that. The wizard should set up the proper access rules needed to pass things through the VPN or not (both coming and going). See the section on "VPN Auto Added Access Rule Control" (page 454)
-------------------- Just another spore in the wind.
Edited by Seuss (08/06/07 05:02 PM)
|
automan
blasted chipmunk
Registered: 09/18/03
Posts: 8,272
|
Re: VPN help needed [Re: Seuss]
#7267102 - 08/06/07 05:14 PM (16 years, 7 months ago) |
|
|
would he not need to add the rules to his iptables? though, i am assuming a firewall is part of the gateway (or at least is hit before any signal gets to any non-routing hardware.)
-------------------- No, no, you're not thinking, you're just being logical. ~ Niels Bohr
|
wiggles
Miffed a Milf
Registered: 11/09/05
Posts: 2,615
Last seen: 10 years, 7 months
|
Re: VPN help needed [Re: automan]
#7267909 - 08/06/07 08:31 PM (16 years, 7 months ago) |
|
|
Thats what I'm not sure about... I'm positioning the firewalls where I am so everything has to pass through them. But they also have to pass through the gateways. I've got no idea about setting up vpns, I barely know the basics of routing at this point
Oh well.. I have to at least install the hardware tomorrow morning. hopefully I can figure it out on site.. otherwise I am, in a word, proper fucked.
-------------------- You can turn your back on a person, but never turn your back on a drug, especially when its waving a razor sharp hunting knife in your eye. Hunter S. Thompson
|
johnsonm90
Stranger
Registered: 09/26/11
Posts: 2
Last seen: 12 years, 6 months
|
Re: VPN help needed [Re: wiggles]
#15135494 - 09/26/11 04:47 AM (12 years, 6 months ago) |
|
|
Setting up and configuring routers n all is so complex..I can understand how you must be feelings right now..I can only pray for you here
|
koraks
Registered: 06/02/03
Posts: 26,697
|
|
Dude, that topic was 4 years old
|
|