Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 1214 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ipsec between two firewalls that both have dynamic

William Warren
how can i setup the astaro box to setup an ipsec connection to naother ipsec firewall when both public ip's are dynamic?  This is ASL v4.  Would setting up the connection on astaro's side as a roadwarror be the way to go?  If this has been answered before let me know via a link.  I have read hte manual and jsut am not figuring it out..[:)]


This thread was automatically locked due to age.
Parents
  • 0
    afaik that's a no go with version 4 because you don't have any kind of dynamic objects.

    Greetings
    cyclops
  • 0 in reply to cyclops
    [ QUOTE ]
    afaik that's a no go with version 4 because you don't have any kind of dynamic objects.

    Greetings
    cyclops 

    [/ QUOTE ]

    ok what if the remote network has a static ip and astaro has a dynamic ip?  could it work then?

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

  • 0 in reply to William Warren
    yes of course, configure the remote gateway as 'dynamic' and use RSA or X.509 certs to authenticate. Only the dynamic side will be able to initiate a vpn connection.

    I have reread your article - I am talking about 2 Astaros. If the remote firewall isn't an Astaro I don't know if it supports VPNs over dynamic endpoints.


    Greetings
    cyclops
Reply
  • 0 in reply to William Warren
    yes of course, configure the remote gateway as 'dynamic' and use RSA or X.509 certs to authenticate. Only the dynamic side will be able to initiate a vpn connection.

    I have reread your article - I am talking about 2 Astaros. If the remote firewall isn't an Astaro I don't know if it supports VPNs over dynamic endpoints.


    Greetings
    cyclops
Children
  • 0 in reply to cyclops
    good the astaro is the dynamic side(the client is behind the astaro firewall wanting to access his fileserver at his office and be able to map a drive) could i jsut use an ipsec client on the remote workstation and jsut enable nat-t on the astaro box right?

    Owner:  Emmanuel Technology Consulting

    http://etc-md.com

    Former Sophos SG(Astaro) advocate/researcher/Silver Partner

    PfSense w/Suricata, ntopng, 

    Other addons to follow

Cookie Information Banner