diff options
Diffstat (limited to 'docs/configexamples')
| -rw-r--r-- | docs/configexamples/policy-based-ipsec-and-firewall.rst | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/docs/configexamples/policy-based-ipsec-and-firewall.rst b/docs/configexamples/policy-based-ipsec-and-firewall.rst index 9b7ba73a..2337c1ac 100644 --- a/docs/configexamples/policy-based-ipsec-and-firewall.rst +++ b/docs/configexamples/policy-based-ipsec-and-firewall.rst @@ -5,35 +5,35 @@ Policy-Based Site-to-Site VPN and Firewall Configuration -------------------------------------------------------- This guide shows an example policy-based IKEv2 site-to-site VPN between two -VyOS routers, and firewall configiuration. +VyOS routers, and firewall configuration. -For simplicity, configuration and tests are done only using ipv4, and firewall -configuration in done only on one router. +For simplicity, configuration and tests are done only using IPv4, and firewall +configuration is done only on one router. Network Topology and requirements ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -This configuration example and the requirments consists on: +This configuration example and the requirments consists of: - Two VyOS routers with public IP address. - 2 private subnets on each site. -- Local subnets should be able to reach internet using source nat. +- Local subnets should be able to reach internet using source NAT. -- Communication between private subnets should be done through ipsec tunnel - without nat. +- Communication between private subnets should be done through IPSec tunnel + without NAT. - Configuration of basic firewall in one site, in order to: - - Protect the router on 'WAN' interface, allowing only ipsec connections - and ssh access from trusted ips. + - Protect the router on 'WAN' interface, allowing only IPSec connections + and SSH access from trusted IPs. - Allow access to the router only from trusted networks. - - Allow dns requests only only for local networks. + - Allow DNS requests only only for local networks. - - Allow icmp on all interfaces. + - Allow ICMP on all interfaces. - Allow all new connections from local subnets. @@ -203,7 +203,7 @@ And NAT Configuration: Checking through op-mode commands ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -After some testing, we can check ipsec status, and counter on every tunnel: +After some testing, we can check IPSec status, and counter on every tunnel: .. code-block:: none |