Specifications

3 Firewall Administration System (FAS)
The Frankfurt branch should have full access to the internal network:
    Local Subnet:     activated
    Subnet Address:   192.168.10.0/24
The location in Frankfurt has the IP 100.100.100.2. The Frankfurt
subnet should also be available in Nuremberg:
    Fixed IP Address: activated
    IP Address:       100.100.100.2
    Remote Subnet:    activated
    Subnet Address:   192.168.11.0/24
3. Authentication
Authentication should take place with certificates. For this reason,
the field “Authenticate with X.509 Certificates” is activated. With
‘Select’, the Frankfurt certificate “Firewall-fam” must be selected.
4. IP Filter
The branch in Frankfurt is considered trustworthy. For this reason, all
traffic through the tunnel is allowed.
5. Masquerading
Since no other internal subnets should have access to the VPN tunnel,
nothing needs to be configured here.
6. Destination NAT
Every computer may communicate with every other computer. This is
why no rules are required here.
In Munich, almost exactly the same configuration is required. For the sake of
clarity, here are the exact modifications:
1. General settings
    Connection Name:  Firewall-Munich
2. VPN Connection
    IP Address:       120.120.120.1
    Subnet Address:   192.168.12.0/24
3. Authentication
The certificate “Firewall-muc” must be selected.
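Because all traffic through both tunnels is allowed, a mistyped subnet or peer address would silently route one branch's traffic to the other. The following check is an added example, not part of the SuSE manual: it takes the addresses given in this section and reports overlapping subnets, peers that lie inside a tunnelled subnet, and duplicate peer addresses. The function name and the dictionary labels "Frankfurt" and "Munich" are chosen for this example.

```python
import ipaddress
from itertools import combinations

# Addresses from this section; Nuremberg is the local side of both tunnels.
LOCAL_SUBNET = "192.168.10.0/24"
TUNNELS = {  # labels are chosen for this example
    "Frankfurt": {"peer_ip": "100.100.100.2", "remote_subnet": "192.168.11.0/24"},
    "Munich": {"peer_ip": "120.120.120.1", "remote_subnet": "192.168.12.0/24"},
}


def check_vpn_plan(local_subnet, tunnels):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    # ip_network() is strict: a subnet address with host bits set raises ValueError.
    local = ipaddress.ip_network(local_subnet)
    nets = {n: ipaddress.ip_network(t["remote_subnet"]) for n, t in tunnels.items()}
    peers = {n: ipaddress.ip_address(t["peer_ip"]) for n, t in tunnels.items()}

    # A remote subnet must not overlap the local subnet.
    for name, net in nets.items():
        if net.overlaps(local):
            problems.append(f"{name}: remote subnet {net} overlaps local subnet {local}")
    # Remote subnets of different tunnels must not overlap each other.
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            problems.append(f"{a}/{b}: remote subnets {na} and {nb} overlap")
    # A peer's public address must not fall inside any tunnelled subnet.
    for name, peer in peers.items():
        for owner, net in [("local", local), *nets.items()]:
            if peer in net:
                problems.append(f"{name}: peer {peer} lies inside subnet {net} ({owner})")
    # Each tunnel needs its own fixed peer address.
    for (a, pa), (b, pb) in combinations(peers.items(), 2):
        if pa == pb:
            problems.append(f"{a}/{b}: both tunnels use fixed peer address {pa}")
    return problems


if __name__ == "__main__":
    for line in check_vpn_plan(LOCAL_SUBNET, TUNNELS) or ["plan is consistent"]:
        print(line)
```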
To conclude the VPN configuration, here is an example of the configuration
for the first sales representative. This is somewhat more complicated:
SuSE Linux Firewall on CD2