-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 9/3/07 3:28 PM, Paolo Supino wrote: > Hi David > > It's true that all IP addresses are in the 10.x.x.x private address > space that isn't supposed to be routed on the Internet, but in all the > connections over the Internet the only visible addresses are the > public ones (otherwise the VPNs wouldn't be working): Main and branch > office public IP addresses and what ever the road warriors receive when > connecting their laptops, either at home or at a client's site. > The branch's firewall NATs the branch office 10.x.x.x address space > on its external interface, but I don't see how that would cause routing > problems between the 2 VPNs.
Per Stuart's suggestion, check your VPN clients' routing tables with "netstat -f inet -nr | more" and determine whether they have a path to your main office. Same thing for servers at the main office trying to reach the VPN clients. traceroute might be helpful (or might not; lots of places filter ICMP). dn iD8DBQFG3IxEyPxGVjntI4IRAj6MAKD5KMLoU74rea9P8HyApe8hS5nHmgCeLbco +W9hUUKEAvhqCZM9ktKErd4= =h5aK -----END PGP SIGNATURE-----