Hello. I want to set up a tunnel between 2 networks, 192.168.40.0/28 and 192.168.1.0/24, like below:

(a.a.a.a)pubIP<--(NAT)gw1<--172.16.0.0/12<--(NAT)gw2<--192.168.40.0/28 | WAN | (b.b.b.b)pubIP<--(NAT)gw3<--192.168.1.0/24

I don't have access to the 172.16.0.0/12 network or gw1.

I was trying to set it up like this:

--gw2--
ipsecadm new esp -enc 3des -forcetunnel -src a.a.a.a -dst b.b.b.b \
    -spi 1234 -key <somekey>
ipsecadm new esp -enc 3des -forcetunnel -src b.b.b.b -dst a.a.a.a \
    -spi 4321 -key <somekey>
ipsecadm flow -src a.a.a.a -dst b.b.b.b -addr 192.168.40.0/28 192.168.1.0/24 -out -require
ipsecadm flow -src a.a.a.a -dst b.b.b.b -addr 192.168.1.0/24 192.168.40.0/28 -in -require

--gw3--
ipsecadm new esp -enc 3des -forcetunnel -src a.a.a.a -dst b.b.b.b \
    -spi 1234 -key <somekey>
ipsecadm new esp -enc 3des -forcetunnel -src b.b.b.b -dst a.a.a.a \
    -spi 4321 -key <somekey>
ipsecadm flow -src b.b.b.b -dst a.a.a.a -addr 192.168.1.0/24 192.168.40.0/28 -out -require
ipsecadm flow -src b.b.b.b -dst a.a.a.a -addr 192.168.40.0/28 192.168.1.0/28 -in -require

If, for example, I ping 192.168.1.6 from the 192.168.40.2 machine, on gw3 'netstat -sn' shows me 1 packet out and 1 in for ESP, but nothing comes back to me (192.168.40.2)... pf isn't blocking any traffic.

Is it possible to build a tunnel in that kind of network environment?

Sorry for my English ;)

-- raff
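An added example, not part of raff's post and not OpenBSD's own code: a small sh script that emits the mirrored ipsecadm(8) command sets for both gateways from one parameter list, so the SPIs, keys and flow directions on the two sides cannot drift apart when copied by hand, and then checks that both sides define the same pair of SAs. The function names (gw_config, sa_lines, gw2_config, gw3_config, mirror_ok) and the hex keys are mine and constructed for illustration. It assumes each gateway actually holds the public address it names in -src, that on an "-in" flow -src is the remote SA endpoint and -dst the local one (the reverse of the "-out" flow) with -addr listing the networks in packet order, and, unlike the posted config, it gives every SA -auth sha1/-authkey and a separate key per direction.

```shell
#!/bin/sh
# Added example, not from the original post. Emits a mirrored pair of
# ipsecadm(8) command sets for a manually keyed ESP tunnel so that SPIs,
# keys and flow directions on both gateways come from one set of
# parameters instead of being copied by hand.
#
# Assumptions (mine): each gateway holds the public address it names in
# -src; on an "-in" flow, -src is the remote SA endpoint and -dst the local
# one (the reverse of the "-out" flow), and -addr lists networks in packet
# order (source net, then destination net). Unlike the posted config, every
# SA carries -auth sha1/-authkey, and each direction gets its own keys.

# gw_config LOCAL_IP REMOTE_IP LOCAL_NET REMOTE_NET \
#           SPI_OUT SPI_IN ENCKEY_OUT AUTHKEY_OUT ENCKEY_IN AUTHKEY_IN
gw_config() {
    local_ip=$1 remote_ip=$2 local_net=$3 remote_net=$4
    spi_out=$5 spi_in=$6
    enc_out=$7 auth_out=$8 enc_in=$9 auth_in=${10}

    # outbound SA (local -> remote); the peer installs this same SA as its inbound one
    printf 'ipsecadm new esp -spi %s -src %s -dst %s -forcetunnel -enc 3des -auth sha1 -key %s -authkey %s\n' \
        "$spi_out" "$local_ip" "$remote_ip" "$enc_out" "$auth_out"
    # inbound SA (remote -> local)
    printf 'ipsecadm new esp -spi %s -src %s -dst %s -forcetunnel -enc 3des -auth sha1 -key %s -authkey %s\n' \
        "$spi_in" "$remote_ip" "$local_ip" "$enc_in" "$auth_in"
    # outbound flow: local_net -> remote_net must leave through the outbound SA
    printf 'ipsecadm flow -src %s -dst %s -proto esp -addr %s %s -out -require\n' \
        "$local_ip" "$remote_ip" "$local_net" "$remote_net"
    # inbound flow: remote_net -> local_net must have arrived through the inbound SA
    printf 'ipsecadm flow -src %s -dst %s -proto esp -addr %s %s -in -require\n' \
        "$remote_ip" "$local_ip" "$remote_net" "$local_net"
}

# sa_lines: only the SA definitions, sorted. Both gateways must install the
# identical pair, so comparing this output for the two sides catches a
# mistyped SPI, key or address on one of them.
sa_lines() {
    grep '^ipsecadm new esp' | sort
}

# Constructed placeholder keys (24 bytes for 3des, 20 for sha1). For a real
# link generate them with e.g. "openssl rand -hex 24" / "openssl rand -hex 20".
K_ENC_AB=0123456789abcdef0123456789abcdef0123456789abcdef
K_AUTH_AB=0123456789abcdef0123456789abcdef01234567
K_ENC_BA=fedcba9876543210fedcba9876543210fedcba9876543210
K_AUTH_BA=fedcba9876543210fedcba9876543210fedcba98

# gw2 side (a.a.a.a, 192.168.40.0/28): SPI 1234 outbound, 4321 inbound
gw2_config() {
    gw_config a.a.a.a b.b.b.b 192.168.40.0/28 192.168.1.0/24 \
        1234 4321 "$K_ENC_AB" "$K_AUTH_AB" "$K_ENC_BA" "$K_AUTH_BA"
}

# gw3 side (b.b.b.b, 192.168.1.0/24): the same SPIs and keys, swapped
gw3_config() {
    gw_config b.b.b.b a.a.a.a 192.168.1.0/24 192.168.40.0/28 \
        4321 1234 "$K_ENC_BA" "$K_AUTH_BA" "$K_ENC_AB" "$K_AUTH_AB"
}

# mirror_ok: exit 0 if both sides define the same two SAs, 1 otherwise
mirror_ok() {
    [ "$(gw2_config | sa_lines)" = "$(gw3_config | sa_lines)" ]
}

if [ "${1:-}" = "print" ]; then
    echo '# --gw2--'; gw2_config
    echo '# --gw3--'; gw3_config
    mirror_ok && echo '# SA sets match' || echo '# SA sets differ'
fi
```

Run it as "sh gen-tunnel.sh print" and paste each block on the matching gateway; the script only prints commands and never runs ipsecadm itself, so it can be reviewed on a workstation first. The point of deriving both sides from one call is that the inbound flow on each gateway is guaranteed to name the SA the other side sends on, which is the kind of mismatch that is easy to produce when the -in line is made by copying the -out line.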
(a.a.a.a)pubIP<--(NAT)gw1<--172.16.0.0/12<--(NAT)gw2<--192.168.40.0/28 | WAN | (b.b.b.b)pubIP<--(NAT)gw3<--192.168.1.0/24 i don't have access to 172.16.0.0/12 network and gw1 I was trying to set it up like this: --gw2-- ipsecadm new esp -enc 3des -forcetunnel -src a.a.a.a -dst b.b.b.b \ -spi 1234 -key <somekey> ipsecadm new esp -enc 3des -forcetunnel -src b.b.b.b -dst a.a.a.a \ -spi 4321 -key <somekey> ipseaadm flow -src a.a.a.a -dst b.b.b.b -addr 192.168.40.0/28 192.168.1.0/24 -out -require ipseaadm flow -src a.a.a.a -dst b.b.b.b -addr 192.168.1.0/24 192.168.40.0/28 -in -require --gw3-- ipsecadm new esp -enc 3des -forcetunnel -src a.a.a.a -dst b.b.b.b \ -spi 1234 -key <somekey> ipsecadm new esp -enc 3des -forcetunnel -src b.b.b.b -dst a.a.a.a \ -spi 4321 -key <somekey> ipseaadm flow -src b.b.b.b -dst a.a.a.a -addr 192.168.1.0/24 192.168.40.0/28 -out -require ipseaadm flow -src b.b.b.b -dst a.a.a.a -addr 192.168.40.0/28 192.168.1.0/24 -in -require If for eg. i do ping 192.168.1.6 from 192.168.40.2 machine, on gw3 'netstat -sn' shows me 1 packet out and in for ESP, but nothing comes back to me (192.168.40.2)... pf isn't blocking any traffic. Is it possible to build tunnel in that kind of network enviroment ? Sorry for my english ;) -- raff