Topic: m0n0wall / Sonicwall ipsec and rules help
« on: December 20, 2012, 17:53:19 »
dartadmin *
Posts: 2

I am with a company that was just bought out by another. The parent company uses Sonicwall and we have the m0n0wall 1.33 here. We are able to successfully create the IPSEC tunnel and the 2 routers are connected and communicating according to the logs. I am still learning about routers and firewalls in general, and not exactly sure how to set up the rules for the NAT. Their internal subnet is 192.168.0.0/21, our subnet is 192.168.1.0/24. They set up their Sonicwall to NAT from his 192.168.0.0/21 to a 10.254.0.0/21 range. He then assigned 10.253.1.0/24 as the NAT address for our subnet. In reading the manual and help pages, I am looking for a basic guide or at least where I should be setting up these rules. So coming in on the WAN port on my m0n0wall through the IPSEC tunnel I should see addresses from 10.254.0.0/21, correct? And they would see packets coming from my m0n0wall on the 10.253.1.0/24 subnet? What rules need to be established on the m0n0wall to allow this "double-NAT" to take place? The Sonicwall appears to be working correctly according to logs on the Sonicwall, but not on ours.
If I need to give more details or if you have questions, glad to provide what I can.

Thanks for any help you can give.
« Reply #1 on: December 20, 2012, 20:52:45 »
Fred Grayson *****
Posts: 994

One thing you should consider is that 192.168.0.0/21 = 192.168.0.0 - 192.168.7.255. This overlaps your own 192.168.1.0/24. I would expect this situation to cause difficulty as the internal networks must be different and they are not.

I wouldn't worry about rules until you have addressed the above as either being a non-problem or a problem that you have solved first.


--
Google is your friend and Bob's your uncle.
« Reply #2 on: December 20, 2012, 21:23:32 »
dartadmin *
Posts: 2

That was the issue I was addressing through here. Was going to post that we got it working. I.e., the question was how do I set up double-NAT in m0n0wall. We ended up doing double NAT on the parent company side and now all is well. Anything on the 192.168.0.0 looks to me like 10.254.0.0 and vice versa I look like 10.253.1.0. This allows us to start integration without having to kill my network to do that. Thanks for the reply, sorry I wasn't more clear on the questions. If there is a way to do that on the m0n0wall, I would still appreciate the setup config to use. We don't need it, but the geek in me still wants to know if and how to do it, LOL

thanks again
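
Added example, not posted by anyone in this thread: a Python check of the address plan discussed above, showing that the two real subnets overlap, that the two NAT ranges do not, and how a 1:1 prefix translation keeps the host part of each address. It is address arithmetic only and configures neither firewall; the function names and the sample host 192.168.1.50 are assumptions made for illustration.

```python
import ipaddress

# Address plan as stated in the thread.
PARENT_REAL = "192.168.0.0/21"
BRANCH_REAL = "192.168.1.0/24"
PARENT_NAT = "10.254.0.0/21"
BRANCH_NAT = "10.253.1.0/24"


def overlaps(a, b):
    """True if the two CIDR blocks share any address."""
    return ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))


def netmap(addr, real_net, nat_net):
    """1:1 prefix NAT: keep the host offset, swap the network prefix."""
    real = ipaddress.ip_network(real_net)
    nat = ipaddress.ip_network(nat_net)
    ip = ipaddress.ip_address(addr)
    if real.prefixlen != nat.prefixlen:
        raise ValueError("1:1 mapping needs equal prefix lengths")
    if ip not in real:
        raise ValueError(f"{ip} is not inside {real}")
    return str(nat.network_address + (int(ip) - int(real.network_address)))


def plan_conflicts(plan):
    """Return every pair of named networks in the plan that overlap."""
    names = sorted(plan)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if overlaps(plan[a], plan[b])]


def as_seen_remotely(branch_host, parent_host):
    """(branch host as the parent sees it, parent host as the branch sees it)."""
    return (netmap(branch_host, BRANCH_REAL, BRANCH_NAT),
            netmap(parent_host, PARENT_REAL, PARENT_NAT))


if __name__ == "__main__":
    plan = {"parent_real": PARENT_REAL, "branch_real": BRANCH_REAL,
            "parent_nat": PARENT_NAT, "branch_nat": BRANCH_NAT}
    print("overlapping pairs:", plan_conflicts(plan))
    # Constructed sample hosts: both sites own a 192.168.1.50.
    print(as_seen_remotely("192.168.1.50", "192.168.1.50"))
```

The only overlapping pair is the two real subnets, which is why the tunnel has to be defined on the translated ranges rather than on 192.168.x.x.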


 