diff options
author | Robert Göhler <github@ghlr.de> | 2024-04-09 21:16:11 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-04-09 21:16:11 +0200 |
commit | 41ae8650e696938ec5f7724e53da11ec5ad445cb (patch) | |
tree | 1283843b86e432a534ba868805fe357b0ba5f5f1 /docs/configexamples/policy-based-ipsec-and-firewall.rst | |
parent | b260a098c89cc0b6bef2b7e0692642732e7573f5 (diff) | |
parent | 9718be4ccdba25a0f794d1fb9dc65f05ebd8364f (diff) | |
download | vyos-documentation-41ae8650e696938ec5f7724e53da11ec5ad445cb.tar.gz vyos-documentation-41ae8650e696938ec5f7724e53da11ec5ad445cb.zip |
Merge pull request #1370 from Chrisc-c-c/patch-4
Policy-based-ipsec-and-firewall: Fixed typos and capitalisation.
Diffstat (limited to 'docs/configexamples/policy-based-ipsec-and-firewall.rst')
-rw-r--r-- | docs/configexamples/policy-based-ipsec-and-firewall.rst | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/docs/configexamples/policy-based-ipsec-and-firewall.rst b/docs/configexamples/policy-based-ipsec-and-firewall.rst index 9b7ba73a..2337c1ac 100644 --- a/docs/configexamples/policy-based-ipsec-and-firewall.rst +++ b/docs/configexamples/policy-based-ipsec-and-firewall.rst @@ -5,35 +5,35 @@ Policy-Based Site-to-Site VPN and Firewall Configuration -------------------------------------------------------- This guide shows an example policy-based IKEv2 site-to-site VPN between two -VyOS routers, and firewall configiuration. +VyOS routers, and firewall configuration. -For simplicity, configuration and tests are done only using ipv4, and firewall -configuration in done only on one router. +For simplicity, configuration and tests are done only using IPv4, and firewall +configuration is done only on one router. Network Topology and requirements ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -This configuration example and the requirments consists on: +This configuration example and the requirments consists of: - Two VyOS routers with public IP address. - 2 private subnets on each site. -- Local subnets should be able to reach internet using source nat. +- Local subnets should be able to reach internet using source NAT. -- Communication between private subnets should be done through ipsec tunnel - without nat. +- Communication between private subnets should be done through IPSec tunnel + without NAT. - Configuration of basic firewall in one site, in order to: - - Protect the router on 'WAN' interface, allowing only ipsec connections - and ssh access from trusted ips. + - Protect the router on 'WAN' interface, allowing only IPSec connections + and SSH access from trusted IPs. - Allow access to the router only from trusted networks. - - Allow dns requests only only for local networks. + - Allow DNS requests only only for local networks. - - Allow icmp on all interfaces. + - Allow ICMP on all interfaces. - Allow all new connections from local subnets. @@ -203,7 +203,7 @@ And NAT Configuration: Checking through op-mode commands ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -After some testing, we can check ipsec status, and counter on every tunnel: +After some testing, we can check IPSec status, and counter on every tunnel: .. code-block:: none |