Hello all,

I'm setting up (for the first time) IPsec and have a question.

I need to allow another location access to a specific server in our local network, and deny access to all other servers.

I have followed Tom's IPsec tunnel guide and set up a vpn zone, but I don't want to allow all traffic in both directions, so I haven't added a general policy for vpn.

Would these rules be correct to forward ssh from the tunnel to the local server:

ACCEPT vpn loc:192.168.x.x tcp 22
ACCEPT loc:192.168.x.x vpn tcp 22

Thank you for any help

Graham

--
Graham K. Dodd
Director of Operations
Falk & Ross GmbH
Tel: 06301 717 0

Graham Dodd wrote:
>
> Would these rules be correct to forward ssh from the tunnel to the local
> server:
>
> ACCEPT vpn loc:192.168.x.x tcp 22
> ACCEPT loc:192.168.x.x vpn tcp 22

Those rules allow SSH sessions from the vpn zone to 192.168.x.x and also allow SSH sessions from 192.168.x.x to the VPN zone.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ lists.shorewall.net/teastep.pgp.key
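
Added example, not part of the original thread and not Tom's or the Shorewall project's own configuration: Shorewall rules govern new connection requests and replies are passed by connection tracking, so the second rule is only needed if the local server must itself open SSH sessions to the remote site. The policy lines are an assumption (a catch-all REJECT as the last policy, so vpn traffic without an ACCEPT rule is refused and logged); 192.168.x.x is left elided as in the question.

```conf
# /etc/shorewall/policy  (assumed layout; no vpn-specific ACCEPT policy)
#SOURCE   DEST   POLICY   LOG LEVEL
loc       net    ACCEPT
net       all    DROP     info
# Catch-all: vpn<->loc traffic not matched by a rule ends here.
all       all    REJECT   info

# /etc/shorewall/rules
#ACTION   SOURCE             DEST               PROTO   DEST PORT(S)
# Remote site may open SSH sessions to the one permitted server.
# Reply packets for these sessions are accepted as ESTABLISHED traffic.
ACCEPT    vpn                loc:192.168.x.x    tcp     22

# Enable only if the local server must initiate SSH to hosts at the
# remote site; it is not required for replies to the rule above.
#ACCEPT   loc:192.168.x.x    vpn                tcp     22
```

After editing, `shorewall check` validates the configuration before it is applied with `shorewall restart`.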