Hi List.

Your setup leads to a problem because all your IPs are "used" in the net between the Cisco and your firewall. There are two solutions:

1.) Install a host route on the Cisco and on the firewall that leads to that one host in your DMZ.

2.) This is what our net looks like:

    Cisco 192.168.100.1/255.255.255.254
              |
              |
              |
    eth1:192.168.100.2/255.255.255.254
    Firewall1 ------------------------ eth0:<external IP>/<external Netmask>
    eth2:192.168.200.1/255.255.255.254
              |
              |
              |
    eth0:192.168.200.2/255.255.255.254
    Firewall2
              |
              |
             LAN

You have to set up a transfer net between the Cisco and the firewall, so you can use all your IPs in the DMZ and set up all your servers there. I guess all your external servers, including the firewall, are on one switch with the Cisco. So just move that switch to the DMZ interface of the firewall and set up that transfer net ... the thing is, you can now control all traffic that wants to reach your DMZ hosts on the firewall, including your VPN server ...

Hope someone does understand that ;)

Greetings,
Michael

On Wed, 25 Jun 2003, Philipp Flesch wrote:
Hi!

We are using SuSE 8.1 prof. as firewall. Now we have to add a VPN ... this VPN "blackbox" should be in a DMZ so that I can control the traffic and what's going on on that VPN gateway. The VPN gateway only needs FTP to my firewall.

    InternetGateway (CISCO-Router) 212.125.104.73 (mask 255.255.255.248)
              |
              |
    eth1 212.125.104.75 (mask 255.255.255.248)
    +++++Firewall (SuSE 8.1)+++++ eth2 ----- VPN
    eth0 10.10.0.102 (mask 255.255.0.0)
              |
              |
             LAN

The VPN needs one of our official IP addresses ... .77 and .78 are still free, and the VPN needs FTP to the firewall ... how do I configure the DMZ on eth2? I haven't found any useful documents on the net :-(
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@suse.com
Security-related bug reports go to security@suse.de, not here
--
GiS - Gesellschaft fuer integrierte Systemplanung mbH
+==================================================================+
 Michael Scherer          mscherer@gis-systemhaus.de   Tel: 06201-503-74
 Junkersstr.2             69469 Weinheim               Fax: 06201-503-66
+==================================================================+
It's a book about a Spanish guy called Manual, you should read it. -- Dilbert
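Michael's option 1, the host route on both the Cisco and the firewall, carried through with Philipp's own addresses as an added example; this is not code from either mail. The addresses, the interfaces (eth1 outside, eth2 DMZ, eth0 LAN) and the "VPN box only needs FTP to the firewall" requirement are taken from the thread. Everything else is assumed: the VPN box speaks IPsec (UDP 500 plus ESP), since the mail does not say what it is; the black box keeps its /29 netmask, so the firewall does proxy ARP on eth2 to answer for .73; iptables on the 2.4 kernel of SuSE 8.1 with the ip_conntrack_ftp helper for the FTP data channel; Philipp's existing LAN rules are left alone and not shown. The script only prints the commands unless called with "apply", so it can be read and checked first.

```shell
#!/bin/sh
# Added example, not from the thread: host-route variant for Philipp's setup.
# Addresses and interfaces come from the mails; the VPN protocol (assumed
# IPsec), proxy ARP and the exact iptables policy are assumptions.

CISCO=212.125.104.73      # Internet gateway (Philipp's mail)
FW_EXT=212.125.104.75     # firewall eth1
VPN=212.125.104.77        # one of the free addresses, given to the VPN box
EXT_IF=eth1               # towards the Cisco
DMZ_IF=eth2               # DMZ, where the VPN box hangs
LAN_IF=eth0
LAN=10.10.0.0/16

# To be typed on the Cisco (standard IOS "ip route"): a /32 for the VPN box
# pointing at the firewall's outside address, so the router sends frames for
# .77 to the firewall instead of ARPing for .77 on the .72/29 wire.
cisco_route() {
    echo "ip route $VPN 255.255.255.255 $FW_EXT"
}

# Everything the firewall needs, emitted as commands.
gen_rules() {
    # host route: .77 lives behind eth2, not on the outside segment
    echo "ip route add $VPN/32 dev $DMZ_IF"
    # assumption: the black box keeps its /29 mask and ARPs for .73 on eth2;
    # proxy ARP lets the firewall answer for addresses it routes via eth1
    echo "sysctl -w net.ipv4.conf.$DMZ_IF.proxy_arp=1"
    echo "sysctl -w net.ipv4.ip_forward=1"
    # 2.4 kernel FTP helper: the VPN box's data connections become RELATED
    echo "modprobe ip_conntrack_ftp"

    echo "iptables -P FORWARD DROP"
    echo "iptables -P INPUT DROP"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Internet -> VPN box: only the tunnel protocol (assumed IPsec: IKE + ESP)
    echo "iptables -A FORWARD -i $EXT_IF -o $DMZ_IF -d $VPN -p udp --dport 500 -j ACCEPT"
    echo "iptables -A FORWARD -i $EXT_IF -o $DMZ_IF -d $VPN -p 50 -j ACCEPT"
    # VPN box -> firewall: the FTP control channel and nothing else
    echo "iptables -A INPUT -i $DMZ_IF -s $VPN -p tcp --dport 21 -m state --state NEW -j ACCEPT"
    # the black box must never initiate anything towards the LAN: log, then drop
    echo "iptables -A FORWARD -i $DMZ_IF -o $LAN_IF -j LOG --log-prefix 'DMZ->LAN '"
    echo "iptables -A FORWARD -i $DMZ_IF -o $LAN_IF -j DROP"
}

# Self-check helper: is a given rule fragment part of the generated set?
has_rule() {
    gen_rules | grep -F -q -- "$1"
}

if [ "${1:-}" = apply ]; then
    gen_rules | sh -e          # execute on the firewall (as root)
else
    echo "# on the Cisco:"
    cisco_route
    echo "# on the firewall:"
    gen_rules
fi
```

With the host route in place the Cisco no longer needs .77 to answer ARP on the outside segment, and because the FORWARD policy is DROP, the only way into the DMZ is the tunnel protocol and the only way out of it towards the firewall is port 21; replies and the FTP data channel ride on the state rules.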