It seems that the firewall is not multihomed and is under server A's subnet.
Can you multihome your firewall/VPN host? If yes, then this should solve your problem.

If not, can you set up server B to be multihomed? Say eth0 for 10.11.12.2/24 and eth0:0 (or eth1 if you have a spare NIC) for, say, 10.10.10.3/24 with the default gw on the 10.10.10.0/24 subnet. You then have to add an entry in the firewall's routing table that to go to subnet 10.11.12.0/24 forward packets to 10.10.10.3.

--- mike t.

----- Original Message ----
From: jan gestre <[EMAIL PROTECTED]>
To: Philippine Linux Users' Group (PLUG) Technical Discussion List <[email protected]>
Sent: Thursday, August 23, 2007 1:49:58 PM
Subject: Re: [plug] ipsec tunnel implementation

On 8/22/07, jan gestre <[EMAIL PROTECTED]> wrote:

On 8/22/07, Michael Tinsay <[EMAIL PROTECTED]> wrote:

Are these IP networks in the same physical LAN structure? If so, you don't need IPSec, just a router.

networks A and B are co-located remotely together with the gateway while network C is the H.O., actually VPN is already set up using site2site VPN of sonicwall firewall but the current setup doesn't allow servers from network A, B and C to directly communicate, it still has to pass via gateway, is it possible to create a VPN between the three networks mentioned?

i'm updating the network information because i only got hold of the real diagram this morning:

server A 10.10.10.2/24 ------------------| | |--------firewall -->VPN VPN <------ firewall --- HO server C 192.168.1.2/24 | server B 10.11.12.2/24 ------------------| 10.10.10.3/24 | | | |--------cisco router 10.11.12.0/24

pardon me for my drawing, anyways we have an existing VPN that connects server C to the remote office server A however we can't connect directly to server B without passing thru server A because all traffic on servers that have dual ip's goes to the cisco router, we don't have control over the cisco so is it possible to route traffic of server B to the firewall instead of the cisco router for us to achieve what we want?
-- http://jangestre.wordpress.com
_________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List [email protected] (#PLUG @ irc.free.net.ph) Read the Guidelines: http://linux.org.ph/lists Searchable Archives: http://archives.free.net.ph
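
The routing change suggested in the reply above can be checked with a longest-prefix-match lookup on both hosts; this is an added example, not part of the original thread. The firewall LAN address (10.10.10.1), the cisco router address (10.11.12.1), the WAN gateway and the assumption that the firewall starts with no route to 10.11.12.0/24 are constructed for illustration.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match over (prefix, gateway) entries; gateway None = directly connected."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), gw) for p, gw in table
            if addr in ipaddress.ip_network(p)]
    if not hits:
        raise LookupError(f"no route to {dst}")
    _, gw = max(hits, key=lambda h: h[0].prefixlen)
    return gw or "connected"

# Addresses taken from the thread
SERVER_B, SERVER_B_ALIAS, SERVER_C = "10.11.12.2", "10.10.10.3", "192.168.1.2"
# Constructed for this example (the thread does not give them)
FIREWALL, CISCO, WAN_GW = "10.10.10.1", "10.11.12.1", "203.0.113.1"
TUNNEL = "vpn-tunnel"  # stands for the existing site-to-site VPN to the head office

def tables(fixed):
    """Routing tables of the firewall and server B, before or after the suggested change."""
    firewall = [("10.10.10.0/24", None), ("192.168.1.0/24", TUNNEL), ("0.0.0.0/0", WAN_GW)]
    server_b = [("10.11.12.0/24", None), ("10.10.10.0/24", None)]
    if fixed:
        firewall.append(("10.11.12.0/24", SERVER_B_ALIAS))  # static route added on the firewall
        server_b.append(("0.0.0.0/0", FIREWALL))            # default gw on the 10.10.10.0/24 subnet
    else:
        server_b.append(("0.0.0.0/0", CISCO))               # replies leave via the cisco router
    return firewall, server_b

def check(fixed):
    """Return (firewall's hop toward server B, server B's hop toward server C)."""
    firewall, server_b = tables(fixed)
    return next_hop(firewall, SERVER_B), next_hop(server_b, SERVER_C)

if __name__ == "__main__":
    for fixed in (False, True):
        print("after " if fixed else "before", check(fixed))
```

Both directions have to change: without the firewall route, traffic for 10.11.12.2 follows the firewall's default route, and without the new default gateway, server B's replies to the head office still go to the cisco router.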

