Haven't had my coffee yet ... 

*) couldn't you just be more explicit/specific in your ACLs when specifying
interesting/matching traffic? ... IOW, don't summarize the whole range :)

(or - to go a step further, could you do the summarization but precede it
with a deny that specifies the other VPN(s) IPs?)



Thanks!
TJ


-----Original Message-----
From: John Brandis [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, August 14, 2002 12:59 AM
To: [EMAIL PROTECTED]
Subject: VPN and wildcard masking [7:51342]

Hi All.

On a spare time job I do with a charity, I have a remote client that is
going to connect to our site via an IPSEC VPN tunnel. The problem is that,
if you can imagine the remote site as a hub site, and my site as site-b,
site-b is using internal networks that range from 172.16.0.0 -
172.32.0.0, which can easily be summarised as 172.16.0.0 0.15.255.255. The
problem is that the hub site has connections to other parts of the world
that use the same addressing scheme as my site, site-b.

The question is, how do I get, if at all possible, the hub site to filter
traffic to the appropriate subnet? A real example of this is: the hub site
"needs" access to the following subnets in site-b:

* 172.17.3.0
* 172.17.1.0
* 172.17.9.0

Yet, they need access to the subnets described below, that are on another
completely separate VPN:

* 172.17.20.0
* 172.17.21.0

How, if possible, can this be done? Would the hub site (the hub site is
establishing the connection) need to create a tunnel for each subnet they wish
to route?

The equipment in use is a Cisco 3005 VPN Accelerator and a WatchGuard
firewall at the hub site.

Thanks all for your input 

John 
Sydney Australia 
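
An added example, not part of either message: a small first-match evaluator for wildcard-mask ACL entries, comparing the summarized permit from the question with the two alternatives suggested in the reply (explicit permits, or denies placed ahead of the summary). The /24 wildcard 0.0.0.255 for each listed subnet and the sample host addresses are assumptions; "deny" here only means "not selected for this tunnel".

```python
from ipaddress import IPv4Address as IP

def matches(addr, base, wildcard):
    """Wildcard match: bits set to 1 in the wildcard are ignored."""
    care = ~int(IP(wildcard)) & 0xFFFFFFFF
    return (int(IP(addr)) & care) == (int(IP(base)) & care)

def covered_range(base, wildcard):
    """First and last address covered by a contiguous wildcard mask."""
    b, w = int(IP(base)), int(IP(wildcard))
    return str(IP(b & ~w & 0xFFFFFFFF)), str(IP(b | w))

def select(acl, dst):
    """First matching entry wins; no match falls through to an implicit deny."""
    for action, base, wildcard in acl:
        if matches(dst, base, wildcard):
            return action
    return "deny"

SUMMARY = ("172.16.0.0", "0.15.255.255")              # summary from the question
WANTED = ["172.17.3.0", "172.17.1.0", "172.17.9.0"]   # site-b subnets the hub needs
OTHER_VPN = ["172.17.20.0", "172.17.21.0"]            # same range, different VPN
C = "0.0.0.255"                                        # assumption: each subnet is a /24

ACLS = {
    # Summarizing the whole range also selects the other VPN's subnets.
    "summary only": [("permit", *SUMMARY)],
    # Explicit entries: only the three wanted subnets are selected.
    "explicit": [("permit", net, C) for net in WANTED],
    # Denies first, then the summary: order matters with first-match rules.
    "deny then summary": [("deny", net, C) for net in OTHER_VPN]
                         + [("permit", *SUMMARY)],
}

def results(acl):
    """Decision for one constructed host (.10) in each subnet from the thread."""
    return {net: select(acl, str(IP(net) + 10)) for net in WANTED + OTHER_VPN}

if __name__ == "__main__":
    print("summary covers", covered_range(*SUMMARY))
    for name, acl in ACLS.items():
        print(f"{name:18}", results(acl))
```

The two alternatives agree on the five listed subnets but differ elsewhere in the range: the explicit list selects nothing else, while deny-then-summary still selects every other address the summary covers.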






Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51346&t=51342