I have been given instructions on a VPN requirement for a vendor to implement an EDI system.
I'm running an Untangle NG firewall with the following build:
Build: 9.4.2~svn20130830r35759release9.4-1lenny
Kernel: 2.6.26-2-untangle-686
Please forgive me because I'm about to betray my own ignorance in a big way.
The vendor has sent me the following list of requirements for the IPsec tunnel:
Please have the following setup for VPN
Epicor Peer 205.173.226.150
Epicor Remote Subnet 10.240.1.0 /24
Phase 1
Esp,md5,3des
Phase 2
MD5 , 3des, NO PFS
When creating VPN Traffic must look like it is coming from 10.250.199.0/24
Either create Network int on your firewall for 10.250.199.1 /24 and Alias on Server 10.250.199.2
Also may need static route on server route add p 10.240.1.0 mask 255.255.255.0 10.250.199.1
That is if you use alias IP on both.
Or your firewall may allow NAT over VPN from network 192.168.1.0 /24 to 10.250.199.0/24 when traffic needs to go to 10.240.1.0 /24(Epicor)
Here is how my setup currently looks in the rack app:
[Attached image: unwiredipsec.PNG]
We have naught but a single subnet here (192.168.1.0/24)
I believe the devices on the other end of this tunnel are Cisco but the guy has been very conservative with what he's willing to tell me about it, offering instead to sell me a new appliance for these purposes if I'm not smart enough to figure it out.
The web admin IPsec GUI seems rather threadbare but I'm sure this box is up to the task. I'm especially at a loss when it comes to creating the network interface objects and/or the static route. I'm also not sure how to meet his phase 1 and phase 2 requirements without laying eyes on a configuration page that makes explicit reference to those things.
I guess my question is: Is the unwired up to the task at hand here (I'm sure it is, but who knows) and how do I configure the more advanced requirements, specifically:
When creating VPN Traffic must look like it is coming from 10.250.199.0/24
Either create Network int on your firewall for 10.250.199.1 /24 and Alias on Server 10.250.199.2
Also may need static route on server route add p 10.240.1.0 mask 255.255.255.0 10.250.199.1
and verifying the encryption phases?
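Added example, not part of the original post or the vendor's instructions: a Python model of the "NAT over VPN" option the vendor describes, showing why a host in 192.168.1.0/24 only matches the tunnel after a 1:1 translation into 10.250.199.0/24. The subnets are the ones quoted above; the function names, the sample host addresses and the assumption that the peer's tunnel policy is 10.250.199.0/24 to 10.240.1.0/24 are illustrative.

```python
import ipaddress

# Subnets taken from the vendor's requirements quoted in the post.
LAN = ipaddress.ip_network("192.168.1.0/24")         # real local subnet
PRESENTED = ipaddress.ip_network("10.250.199.0/24")  # source range the peer expects
REMOTE = ipaddress.ip_network("10.240.1.0/24")       # Epicor remote subnet


def netmap(addr, src_net, dst_net):
    """1:1 map: keep the host bits of addr, swap the network prefix."""
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("1:1 mapping needs equal prefix lengths")
    addr = ipaddress.ip_address(addr)
    if addr not in src_net:
        raise ValueError(f"{addr} is not in {src_net}")
    host_bits = int(addr) & int(src_net.hostmask)
    return ipaddress.ip_address(int(dst_net.network_address) | host_bits)


def matches_selector(src, dst):
    """True if (src, dst) fits the assumed tunnel policy PRESENTED <-> REMOTE."""
    return (ipaddress.ip_address(src) in PRESENTED
            and ipaddress.ip_address(dst) in REMOTE)


def egress(src, dst):
    """Return (source address on the wire, "tunnel" or "normal").

    Policy NAT: translate only when a LAN host talks to the remote subnet;
    all other traffic leaves with its original source address.
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src_ip in LAN and dst_ip in REMOTE:
        src_ip = netmap(src_ip, LAN, PRESENTED)
    path = "tunnel" if matches_selector(src_ip, dst_ip) else "normal"
    return str(src_ip), path


if __name__ == "__main__":
    # Constructed sample hosts, not addresses from the post.
    for src, dst in [("192.168.1.20", "10.240.1.5"), ("192.168.1.20", "8.8.8.8")]:
        print(src, "->", dst, "=>", egress(src, dst))
```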