From: Shoichi Sakane (sakanekame.net)
Date: Tue Mar 05 2002 - 05:24:55 CST

    > Okay, I'll try drawing it then:
    >            VPN
    > Office 1---------
    >                  \
    >                   \
    >                    === Main office
    >            VPN    /
    > Office 2---------/
    >
    >
    > Then my question is: do I have to set any special param. in order for the box
    > at the main office to accept both tunnels? (I've seen several conf examples
    > where the last part varies from require/use/unique and so on. But the
    > function of those cmds I couldn't find anything about?)

    Suppose that the security gateway for office 1 is named SG1
    and its external IPv4 address is sg1. Similarly, the one for office 2
    is named SG2 and sg2, and the one for the main office is named SGM and sgm.
    The network address of office 1 is net1, and similarly net2 and netm.
    Then the security policy configuration on each security gateway
    is the following:

    on SG1:
            spdadd net1 netm any -P out esp/tunnel/sg1-sgm/require;
            spdadd netm net1 any -P in esp/tunnel/sgm-sg1/require;

    on SG2:
            spdadd net2 netm any -P out esp/tunnel/sg2-sgm/require;
            spdadd netm net2 any -P in esp/tunnel/sgm-sg2/require;

    on SGM:
            spdadd netm net1 any -P out esp/tunnel/sgm-sg1/require;
            spdadd net1 netm any -P in esp/tunnel/sg1-sgm/require;
            spdadd netm net2 any -P out esp/tunnel/sgm-sg2/require;
            spdadd net2 netm any -P in esp/tunnel/sg2-sgm/require;

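A consistency check for the hub-and-spoke policies in the message above, as an added example that is not part of the original post: it parses each gateway's `spdadd` entries and confirms that every tunnel policy has a mirror-image entry (same selector, endpoints and level, opposite direction) on the peer gateway. The names sg1/sg2/sgm and net1/net2/netm are the post's placeholders; the `parse` and `check` helpers are hypothetical and only handle the `esp/tunnel/src-dst/level` form shown in the post.

```python
import re
from collections import namedtuple

# The three policy sets from the post, keyed by each gateway's outer address.
# sg1/sg2/sgm and net1/net2/netm are the post's placeholders, not real values.
CONFIGS = {
    "sg1": """spdadd net1 netm any -P out esp/tunnel/sg1-sgm/require;
              spdadd netm net1 any -P in esp/tunnel/sgm-sg1/require;""",
    "sg2": """spdadd net2 netm any -P out esp/tunnel/sg2-sgm/require;
              spdadd netm net2 any -P in esp/tunnel/sgm-sg2/require;""",
    "sgm": """spdadd netm net1 any -P out esp/tunnel/sgm-sg1/require;
              spdadd net1 netm any -P in esp/tunnel/sg1-sgm/require;
              spdadd netm net2 any -P out esp/tunnel/sgm-sg2/require;
              spdadd net2 netm any -P in esp/tunnel/sg2-sgm/require;""",
}

Policy = namedtuple("Policy", "src dst direction tun_src tun_dst level")
SPDADD = re.compile(
    r"spdadd\s+(\S+)\s+(\S+)\s+any\s+-P\s+(in|out)\s+"
    r"esp/tunnel/([^-/\s]+)-([^/\s]+)/(\w+)\s*;"
)

def parse(text):
    """Extract every ESP tunnel-mode spdadd entry from a setkey-style config."""
    return [Policy(*m.groups()) for m in SPDADD.finditer(text)]

def check(configs):
    """Return a list of problems; an empty list means all tunnels are mirrored."""
    parsed = {gw: parse(text) for gw, text in configs.items()}
    problems = []
    for gw, policies in parsed.items():
        for p in policies:
            outbound = p.direction == "out"
            # Outbound tunnels start at this gateway, inbound ones end at it.
            local, peer = (p.tun_src, p.tun_dst) if outbound else (p.tun_dst, p.tun_src)
            if local != gw:
                problems.append(f"{gw}: {p.direction} tunnel {p.tun_src}-{p.tun_dst} "
                                "has the wrong local endpoint")
                continue
            # The peer needs the same selector, endpoints and level, opposite direction.
            mirror = p._replace(direction="in" if outbound else "out")
            if mirror not in parsed.get(peer, []):
                problems.append(f"{gw}: {peer} has no '{mirror.direction}' policy "
                                f"for {p.src} -> {p.dst} via {p.tun_src}-{p.tun_dst}")
    return problems

if __name__ == "__main__":
    print(check(CONFIGS) or "all tunnel policies are mirrored")
```

Because the level is part of the comparison, a gateway pair where one side says `require` and the other `use` is reported as unmirrored.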