en:jobs:vpn_gre_over_ipsec [2012/12/29 16:43] admin [FreeBSD device configuration.] |
en:jobs:vpn_gre_over_ipsec [2015/03/12 17:09] admin [Checkpoint 572 (R71.2) device configuration.] |
| |
**1. Requirements packages:**\\ | **1. Requirements packages:**\\ |
%%Linux Centos%% (версии выше 5)\\ | %%Linux Centos%% (versions 5)\\ |
Racoon (ipsec-tools)\\ | Racoon (ipsec-tools)\\ |
Quagga ( version 0.98.6) | Quagga ( version 0.98.6) |
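Review bot: On the "Linux Centos" row the translation changes the requirement: the old text "версии выше 5" means "versions above 5", while the new text "(versions 5)" reads as exactly version 5. Suggest "(versions above 5)" so the stated minimum is preserved.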
!\\ | !\\ |
interface Tunnel1\\ | interface Tunnel1\\ |
description link to %%FreeBSD%%\\ | description link to %%FreeBSD%%/Linux\\ |
ip address 192.168.0.1 255.255.255.254\\ | ip address 192.168.0.1 255.255.255.254\\ |
ip mtu 1476\\ | ip mtu 1476\\ |
| |
| |
**Step 2. Create %%FreeBSD%% router**\\ | **Step 2. Create %%FreeBSD%%/Linux router**\\ |
| |
Network objects->Interoperable Devices-> Interoperable Devices...\\ | Network objects->Interoperable Devices-> Interoperable Devices...\\ |
VPN shell:[/] > interface\\ | VPN shell:[/] > interface\\ |
VPN shell:[/interface] >add\\ | VPN shell:[/interface] >add\\ |
VPN shell:[/interface/add] >numbered 192.168.0.3 192.168.0.2 %%FreeBSD%% tun_to_freebsd\\ | VPN shell:[/interface/add] >numbered 192.168.0.3 192.168.0.2 %%FreeBSD%%/Linux tun_to_freebsd\\ |
.. | .. |
VPN shell:[/interface]>modify\\ | VPN shell:[/interface]>modify\\ |
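Review bot: In the "numbered 192.168.0.3 192.168.0.2 ..." line the rename from FreeBSD to FreeBSD/Linux was applied to a command argument, not only to descriptive text, while the interface name tun_to_freebsd next to it was left unchanged. If that argument is meant to be the name of the device object created in Step 2, confirm the object really carries the name "FreeBSD/Linux"; otherwise keep the original argument here and limit the rename to the prose and the Cisco description line.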
**Step 7: Set Empty Group and etc**\\ | **Step 7: Set Empty Group and etc**\\ |
| |
For every device (Checkpoint 572, Cisco, %%FreeBSD%%) sets:\\ | For every device (Checkpoint 572, Cisco, %%FreeBSD%%/Linux) sets:\\ |
| |
Topology->Manual Defined->EMPTY_GROUP\\ | Topology->Manual Defined->EMPTY_GROUP\\ |
| |
IPSEC VPN->Link Selection->Set flag Always Use this IP address->Set flag Selected Address from topology table: External IP (IP_A for %%FreeBSD%%, IP_B for Cisco, IP_C for Checkpoint)\\ | IPSEC VPN->Link Selection->Set flag Always Use this IP address->Set flag Selected Address from topology table: External IP (IP_A for %%FreeBSD%%/Linux, IP_B for Cisco, IP_C for Checkpoint)\\ |
| |
For Cisco and %%FreeBSD%% sets:\\ | For Cisco and %%FreeBSD%%/Linux sets:\\ |
| |
IPSEC VPN->VPN Advanced->Set flag Custom Settings->Set flag One tunnel per gateway pair->GRE on IPSec\\ | IPSEC VPN->VPN Advanced->Set flag Custom Settings->Set flag One tunnel per gateway pair->GRE on IPSec\\ |
In %%bookmark%% Firewall:\\ | In %%bookmark%% Firewall:\\ |
| |
1. Accept services IKE and ESP from Cisco and %%FreeBSD%% to Checkpoint and vice versa\\ | 1. Accept services IKE and ESP from Cisco and %%FreeBSD%%/Linux to Checkpoint and vice versa\\ |
2. Accept any services from TEST_NETWORK to TEST_NETWORK and OSPF. In VPN column set edit:\\ | 2. Accept any services from TEST_NETWORK to TEST_NETWORK and OSPF. In VPN column set edit:\\ |
set flags match traffic in this directional only->\\ | set flags match traffic in this directional only->\\ |
write memory\\ | write memory\\ |
| |
| ==== About author ==== |
| [[https://www.linkedin.com/pub/alexey-vyrodov/59/976/16b|Profile]] of the author |