Policy-based-ipsec-and-firewall: Fixed typos and capitalisation.

Chrisc-c-c 2024-04-09 15:50:41 +01:00 committed by GitHub
parent b260a098c8
commit 9718be4ccd
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -5,35 +5,35 @@ Policy-Based Site-to-Site VPN and Firewall Configuration
--------------------------------------------------------
This guide shows an example policy-based IKEv2 site-to-site VPN between two
VyOS routers, and firewall configiuration.
VyOS routers, and firewall configuration.
For simplicity, configuration and tests are done only using ipv4, and firewall
configuration in done only on one router.
For simplicity, configuration and tests are done only using IPv4, and firewall
configuration is done only on one router.
Network Topology and requirements
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
This configuration example and the requirments consists on:
This configuration example and the requirments consists of:
- Two VyOS routers with public IP address.
- 2 private subnets on each site.
- Local subnets should be able to reach internet using source nat.
- Local subnets should be able to reach internet using source NAT.
- Communication between private subnets should be done through ipsec tunnel
without nat.
- Communication between private subnets should be done through IPSec tunnel
without NAT.
- Configuration of basic firewall in one site, in order to:
- Protect the router on 'WAN' interface, allowing only ipsec connections
and ssh access from trusted ips.
- Protect the router on 'WAN' interface, allowing only IPSec connections
and SSH access from trusted IPs.
- Allow access to the router only from trusted networks.
- Allow dns requests only only for local networks.
- Allow DNS requests only only for local networks.
- Allow icmp on all interfaces.
- Allow ICMP on all interfaces.
- Allow all new connections from local subnets.
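Review bot: The corrected requirements sentence still reads "This configuration example and the requirments consists of:", so "requirments" remains misspelled and "consists" does not agree with the plural subject; suggest "This configuration example and its requirements consist of:". The DNS bullet also keeps the doubled word in "Allow DNS requests only only for local networks." The new capitalisation "IPSec" in the tunnel and 'WAN' bullets should be "IPsec", the spelling used in the RFCs, and "Two VyOS routers with public IP address." wants "addresses".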
@ -203,7 +203,7 @@ And NAT Configuration:
Checking through op-mode commands
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
After some testing, we can check ipsec status, and counter on every tunnel:
After some testing, we can check IPSec status, and counter on every tunnel:
.. code-block:: none
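Review bot: In the changed sentence "After some testing, we can check IPSec status, and counter on every tunnel:", the protocol name should be spelled "IPsec", and the tail reads better as "and the counters for every tunnel" with the comma before "and" dropped.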