3rd July 2008
Bruco
Fdisk Soldier
Join Date: May 2008
Location: Kalamazoo, MI, USA
Posts: 61
Point-to-Point VPN + Firewall + Router (sorta) - What should I use?

Here's the scenario:

I've got a number of remote sites that use a point-to-point VPN for WAN connectivity back to the data center. These are consistent tunnels with no restrictions provided by Cisco PIX firewalls (well, a newer one is an ASA).

Now I need another point-to-point VPN - but I can't buy anything. So I thought perhaps I could configure a couple of FreeBSD boxes to act, well, pretty much in place of what a PIX would do.

I'll need the VPN between the two boxes, and firewall on at least one (one will be Internet-facing, the other I'm going to try putting in the DMZ of an existing PIX - but if that causes a problem with the VPN passthrough then it, too, will be Internet-facing). Internet traffic would also need to be filtered with firewall rules. And the second NIC on the boxes will need to be able to pass traffic to the inside network, of course. There's a router on the inside of both networks.

Alternatively, if I can establish a P2P VPN from a single FreeBSD box directly to an existing PIX 515, that would work too. But is that really as much fun?

So can I do this with existing ports for FreeBSD? If so, what recommendations do you folks have?

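One way to lay out the Internet-facing box the post describes, as an added example that is not from the original post or any reply to it: a pf.conf for a FreeBSD gateway that terminates a site-to-site tunnel to the peer box and filters both Internet traffic and tunnel traffic before it reaches the inside network. It assumes the FreeBSD Handbook's VPN-over-IPsec layout, a gif(4) tunnel between the two boxes protected by IPsec configured with setkey/racoon from the security/ipsec-tools port; the interface names, addresses and networks are hypothetical placeholders, and the box is assumed to also be the site's Internet gateway (drop the nat line if the inside router already does that).

```pf
# Added example, not the poster's configuration: /etc/pf.conf for the
# Internet-facing FreeBSD box. Interface names and addresses are
# placeholders (RFC 5737 documentation ranges); change them to your sites.
ext_if     = "em0"               # Internet-facing NIC
int_if     = "em1"               # NIC towards the inside router
vpn_if     = "gif0"              # gif(4) tunnel to the peer box, carried inside IPsec
local_ep   = "198.51.100.10"     # this box's public address
remote_ep  = "203.0.113.20"      # peer box's public address
local_lan  = "10.10.0.0/16"      # network behind the inside router here
remote_lan = "10.20.0.0/16"      # network behind the peer
admin_net  = "10.10.5.0/24"      # inside hosts allowed to SSH to this box

set skip on lo0
scrub in all

# Assumption: this box is also the site's Internet gateway, so inside hosts are NATed.
nat on $ext_if from $local_lan to any -> ($ext_if)

# Default deny, logged, so a forgotten rule shows up on pflog0 instead of silently working.
block log all
antispoof quick for { $ext_if, $int_if }

# Tunnel control and data plane, only between the two fixed endpoints:
# IKE on UDP 500 (and 4500 if NAT-T is needed because one end sits in a PIX DMZ),
# ESP for the encrypted packets, and IP-in-IP (ipencap) for the gif payload,
# which pf may see again once the kernel has removed the ESP wrapper
# (the Handbook's example firewall rules allow it as well).
pass in  quick on $ext_if proto udp from $remote_ep to $local_ep port { 500, 4500 } keep state
pass out quick on $ext_if proto udp from $local_ep to $remote_ep port { 500, 4500 } keep state
pass in  quick on $ext_if proto esp from $remote_ep to $local_ep
pass out quick on $ext_if proto esp from $local_ep to $remote_ep
pass in  quick on $ext_if proto ipencap from $remote_ep to $local_ep
pass out quick on $ext_if proto ipencap from $local_ep to $remote_ep

# Decrypted site-to-site traffic appears on gif0; admit only the two site networks.
# Narrow this to specific protocols and ports if the sites need less than a fully open tunnel.
pass in  on $vpn_if from $remote_lan to $local_lan keep state
pass out on $vpn_if from $local_lan to $remote_lan keep state

# Inside network out to the Internet and into the tunnel, stateful. States float by
# default, so the reply direction on the other interface matches these entries.
pass in  on $int_if from $local_lan to any keep state
pass out on $ext_if from ($ext_if) to any keep state

# Management: SSH to the box only from the inside admin subnet.
pass in on $int_if proto tcp from $admin_net to ($int_if) port 22 keep state

# Anything else arriving from the Internet hits the block-all rule above.
```

To use it, set gateway_enable="YES", pf_enable="YES" and pf_rules="/etc/pf.conf" in /etc/rc.conf, check the syntax with `pfctl -nf /etc/pf.conf` before loading it, and watch dropped packets with `tcpdump -n -e -ttt -i pflog0` while the tunnel is brought up. Note that pf here only pins the tunnel to the two endpoint addresses; the IPsec security policy with a `require` level is what guarantees the gif traffic is actually encrypted, so verify both halves (`setkey -DP` for the policy, `pfctl -sr` for the loaded rules) rather than trusting the firewall alone.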