author Robert Göhler <github@ghlr.de> 2024-04-09 21:16:11 +0200
committer GitHub <noreply@github.com> 2024-04-09 21:16:11 +0200
commit 41ae8650e696938ec5f7724e53da11ec5ad445cb
tree 1283843b86e432a534ba868805fe357b0ba5f5f1 /docs/configexamples/policy-based-ipsec-and-firewall.rst
parent b260a098c89cc0b6bef2b7e0692642732e7573f5
parent 9718be4ccdba25a0f794d1fb9dc65f05ebd8364f
Merge pull request #1370 from Chrisc-c-c/patch-4
Policy-based-ipsec-and-firewall: Fixed typos and capitalisation.
Diffstat (limited to 'docs/configexamples/policy-based-ipsec-and-firewall.rst')
-rw-r--r-- docs/configexamples/policy-based-ipsec-and-firewall.rst 24
1 files changed, 12 insertions, 12 deletions
diff --git a/docs/configexamples/policy-based-ipsec-and-firewall.rst b/docs/configexamples/policy-based-ipsec-and-firewall.rst
index 9b7ba73a..2337c1ac 100644
--- a/docs/configexamples/policy-based-ipsec-and-firewall.rst
+++ b/docs/configexamples/policy-based-ipsec-and-firewall.rst
@@ -5,35 +5,35 @@ Policy-Based Site-to-Site VPN and Firewall Configuration
--------------------------------------------------------
This guide shows an example policy-based IKEv2 site-to-site VPN between two
-VyOS routers, and firewall configiuration.
+VyOS routers, and firewall configuration.
-For simplicity, configuration and tests are done only using ipv4, and firewall
-configuration in done only on one router.
+For simplicity, configuration and tests are done only using IPv4, and firewall
+configuration is done only on one router.
Network Topology and requirements
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-This configuration example and the requirments consists on:
+This configuration example and the requirments consists of:
- Two VyOS routers with public IP address.
- 2 private subnets on each site.
-- Local subnets should be able to reach internet using source nat.
+- Local subnets should be able to reach internet using source NAT.
-- Communication between private subnets should be done through ipsec tunnel
- without nat.
+- Communication between private subnets should be done through IPSec tunnel
+ without NAT.
- Configuration of basic firewall in one site, in order to:
- - Protect the router on 'WAN' interface, allowing only ipsec connections
- and ssh access from trusted ips.
+ - Protect the router on 'WAN' interface, allowing only IPSec connections
+ and SSH access from trusted IPs.
- Allow access to the router only from trusted networks.
- - Allow dns requests only only for local networks.
+ - Allow DNS requests only only for local networks.
- - Allow icmp on all interfaces.
+ - Allow ICMP on all interfaces.
- Allow all new connections from local subnets.
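Review bot: Two typos survive in the added lines of this hunk: `This configuration example and the requirments consists of:` still has "requirments" and the plural subject wants "consist of", and `Allow DNS requests only only for local networks.` keeps the doubled "only". Since this change is a typo pass, both are worth fixing here. The new capitalisation "IPSec" in the tunnel and 'WAN' bullets is also not the standard form; the protocol suite is written "IPsec" (RFC 4301), so I would suggest "through IPsec tunnel" and "allowing only IPsec connections". Minor: "reach internet" in the source NAT bullet could become "reach the Internet" while the line is being touched.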
@@ -203,7 +203,7 @@ And NAT Configuration:
Checking through op-mode commands
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-After some testing, we can check ipsec status, and counter on every tunnel:
+After some testing, we can check IPSec status, and counter on every tunnel:
.. code-block:: none
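Review bot: The changed line under "Checking through op-mode commands" introduces "IPSec", where the standard spelling is "IPsec", and "counter on every tunnel" should be plural. Suggested wording: `After some testing, we can check IPsec status and counters on every tunnel:`.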