You can access server B via 10.10.10.3 but not 10.11.12.2, right?  If so, you 
may really need to check your firewall's routing table.

--- mike t.

----- Original Message ----
From: jan gestre <[EMAIL PROTECTED]>
To: Philippine Linux Users' Group (PLUG) Technical Discussion List <[email protected]>
Sent: Thursday, August 23, 2007 7:59:39 PM
Subject: Re: [plug] ipsec tunnel implementation

On 8/23/07, Michael Tinsay <[EMAIL PROTECTED]> wrote:

It seems that the firewall is not multihomed and is under server A's subnet.

Can you multihome your firewall/VPN host?  If yes, then this should solve your 
problem.

If not, can you set up server B to be multihomed?  Say eth0 for 10.11.12.2/24 
and eth0:0 (or eth1 if you have a spare NIC) for, say, 10.10.10.3/24, with the 
default gw on the 10.10.10.0/24 subnet.  You then have to add an entry in the 
firewall's routing table saying that, to go to subnet 10.11.12.0/24, packets 
are forwarded to 10.10.10.3.

server B is multihomed, i wonder why all traffic is routed to the cisco router, 
we also thought of using the second nic instead of multihoming eth0, but maybe 
in the future coz we can't afford any downtime. we can send packets to the 
10.11.12.0 subnet but the outgoing packets go to the cisco router instead of 
the firewall, hence vpn can't be established.

i also have to see the firewall routing table because we can't access it right 
now, vpn is kinda broken, something must have changed without our knowledge.

----- Original Message ----
From: jan gestre <[EMAIL PROTECTED]>
To: Philippine Linux Users' Group (PLUG) Technical Discussion List <[email protected]>
Sent: Thursday, August 23, 2007 1:49:58 PM
Subject: Re: [plug] ipsec tunnel implementation

On 8/22/07, jan gestre <[EMAIL PROTECTED]> wrote:

On 8/22/07, Michael Tinsay <[EMAIL PROTECTED]> wrote:

Are these IP networks in the same physical LAN structure?  If so, you don't 
need IPSec, just a router.

networks A and B are co-located remotely together with the gateway while 
network C is the H.O., actually VPN is already set up using site2site VPN of 
sonicwall firewall but the current setup doesn't allow servers from network A, 
B and C to directly communicate, it still has to pass via gateway, is it 
possible to create a VPN between the three networks mentioned?

i'm updating the network information because i only got hold of the real 
diagram this morning:

server A
10.10.10.2/24 ------------------|
                                |
                                |-------- firewall --> VPN     VPN <------ firewall --- HO server C 192.168.1.2/24
                                |
server B
10.11.12.2/24 ------------------|
10.10.10.3/24                   |
                                |
                                |-------- cisco router 10.11.12.0/24


pardon me for my drawing, anyways we have an existing VPN that connects server 
C to the remote office server A, however we can't connect directly to server B 
without passing thru server A because all traffic on servers that have dual 
IPs goes to the cisco router, we don't have control over the cisco so is it 
possible to route traffic of server B to the firewall instead of the cisco 
router for us to achieve what we want?


-- 
http://jangestre.wordpress.com

_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
[email protected] (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph

-- 
http://jangestre.wordpress.com 
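
Added example, not part of the thread and not any poster's code: a small longest-prefix-match model of the routing discussed above. It shows why server B's replies to the HO subnet leave via the cisco router while the default route points there, and how the next hop changes with either a default gateway on 10.10.10.0/24 or a specific route for the HO subnet. The gateway addresses 10.11.12.1 and 10.10.10.1 and server B's route table are assumptions; the thread does not give them.

```python
import ipaddress

# Assumed gateway addresses (hypothetical; the thread never states them).
CISCO_GW = "10.11.12.1"
FIREWALL_GW = "10.10.10.1"

# Assumed table on server B: both subnets on-link, default via the cisco router.
SERVER_B_ROUTES = [
    ("10.11.12.0/24", "direct"),
    ("10.10.10.0/24", "direct"),
    ("0.0.0.0/0", CISCO_GW),
]

# Firewall entry suggested in the thread: reach 10.11.12.0/24 via 10.10.10.3.
FIREWALL_ROUTES = [
    ("10.10.10.0/24", "direct"),
    ("10.11.12.0/24", "10.10.10.3"),
]


def next_hop(routes, dst):
    """Pick the route by longest-prefix match; return (gateway, prefix) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), gw) for p, gw in routes]
    hits = [(net, gw) for net, gw in hits if addr in net]
    if not hits:
        return None
    net, gw = max(hits, key=lambda h: h[0].prefixlen)
    return gw, str(net)


def default_via_firewall(routes):
    """Variant 1: default gateway moved to the 10.10.10.0/24 side."""
    return [(p, FIREWALL_GW if p == "0.0.0.0/0" else gw) for p, gw in routes]


def ho_route_via_firewall(routes):
    """Variant 2: keep the default, add a specific route for the HO subnet."""
    return routes + [("192.168.1.0/24", FIREWALL_GW)]


if __name__ == "__main__":
    ho = "192.168.1.2"  # HO server C, from the diagram
    print("current      :", next_hop(SERVER_B_ROUTES, ho))
    print("default->fw  :", next_hop(default_via_firewall(SERVER_B_ROUTES), ho))
    print("HO route->fw :", next_hop(ho_route_via_firewall(SERVER_B_ROUTES), ho))
    print("fw to B      :", next_hop(FIREWALL_ROUTES, "10.11.12.2"))
    print("fw to HO     :", next_hop(FIREWALL_ROUTES, ho))  # None: no route modelled
```

Variant 2 leaves server B's default route alone, so only traffic for the HO subnet changes path.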


