IPSec between TIS Gauntlet and Raptor Eagle

Dale Lancaster dlancaster@raptor.com
Fri, 12 Jun 1998 20:38:01 -0500


> However, my desire is to create a configuration that
> corresponds with what TIS calls a "Private Semi-trusted Link"
> (the Raptor site trusts the Gauntlet site totally, but the
> tunnel should terminate at the external interface of the
> Gauntlet with all traffic being passed through the Gauntlet
> proxies).
>
> I believe that this implies that at the Gauntlet end that
> two IPSec definitions need to be made:
>    1) Gauntlet (210.42.42.1/32) to Raptor  (209.42.42.1/32)
>    2) Gauntlet (210.42.42.1/32) to network (10.42.42.0/24)
>
Based on your description, I am fairly certain that you need only one tunnel
(IPSEC in tunnel mode) definition with the endpoints defined (on each
firewall) as:

Secure Subnet = 210.42.42.1 Gateway=210.42.42.1
Secure Subnet = 10.42.42.0  Gateway=209.42.42.1

With these endpoints for the single tunnel, the expected results would be:

1.  Anybody behind the Raptor firewall will be able to telnet transparently
to the outside interface of the Gauntlet firewall and have the packets
encrypted.

2.  Anyone on the Gauntlet itself could telnet to the inside of the Raptor
firewall to the 10.42.42.0 network and have the packets encrypted.

3.  Anyone behind the Gauntlet should be able to telnet to 10.42.42.0 if
those packets are routed to the Gauntlet firewall, which should then
transparently proxy them (I think it supports transparent access through the
telnet proxy) and send them back down the stack and through the tunnel for
which it matched.

Let me know.
regards,
dale
==========================================================================
     Dale Lancaster           Director of Technical Marketing
     Raptor Systems           A Division of Axent Technologies
==========================================================================
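
The single tunnel definition above can be checked against the three expected results with a small selector-matching model. This is an added example, not part of the original message and not Raptor or TIS code. The /32 and /24 masks are taken from the quoted question; the host addresses 10.42.42.7 and 192.168.1.5 are constructed, and the proxy model (outbound connection sourced from the Gauntlet external address) is an assumption.

```python
import ipaddress

# Tunnel endpoints as given in the message; masks come from the quoted question.
TUNNEL = [
    {"subnet": ipaddress.ip_network("210.42.42.1/32"), "gateway": "210.42.42.1"},  # Gauntlet side
    {"subnet": ipaddress.ip_network("10.42.42.0/24"), "gateway": "209.42.42.1"},   # Raptor side
]

def tunnel_peer(src, dst):
    """Return the remote gateway if (src, dst) matches the tunnel, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Try the definition in both directions: src on one side, dst on the other.
    for local, remote in (TUNNEL, TUNNEL[::-1]):
        if s in local["subnet"] and d in remote["subnet"]:
            return remote["gateway"]
    return None  # no selector match: packet is not sent through the tunnel

def gauntlet_proxy(src, dst):
    """Assumed proxy model: the proxy terminates the client connection and
    opens a new one sourced from the Gauntlet external address."""
    return ("210.42.42.1", dst)

def expected_results():
    raptor_host = "10.42.42.7"     # constructed host behind the Raptor
    gauntlet_host = "192.168.1.5"  # constructed host behind the Gauntlet
    return {
        # 1. Host behind the Raptor to the Gauntlet outside interface
        "raptor_host_to_gauntlet": tunnel_peer(raptor_host, "210.42.42.1"),
        # 2. The Gauntlet itself to the 10.42.42.0 network
        "gauntlet_to_raptor_net": tunnel_peer("210.42.42.1", raptor_host),
        # 3a. Host behind the Gauntlet, original source address: no match
        "inside_host_unproxied": tunnel_peer(gauntlet_host, raptor_host),
        # 3b. Same connection after the proxy re-originates it: match
        "inside_host_proxied": tunnel_peer(*gauntlet_proxy(gauntlet_host, raptor_host)),
    }

if __name__ == "__main__":
    for name, peer in expected_results().items():
        print(f"{name:26} -> {'encrypt to ' + peer if peer else 'not tunnelled'}")
```

Case 3a shows why result 3 depends on the proxy: a packet that keeps its inside source address falls outside the 210.42.42.1/32 selector and would not be encrypted.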