I have a need to setup the following topology at
several location connected via VPN tunnels.
NET1--RTR1--NET2--pfS1--{INET}--pfS2--NET3--RTR2--NET4
>--IPsec TUNNEL--<
NET1=10.10.10.0/24
NET2=192.168.100.0/24
NET3=192.168.200.0/24
NET4=10.10.20.0/24
I have a VPN tunnel nailed up between the two pfS
boxes w/ NET2 & NET3 on the "LAN" side. The pfS1
box has a static route to NET1 via RTR1 and pfS2
has a static route to NET4 via RTR2. The
"default" route on NET1 & NET4 is RTR1 & RTR2
respectively and RTR1 has a next hop of pfS1 and
RTR2's next hop is pfS2. So now that you have
your mind wrapped around that .... heres the
problem.
In order for NET1 hosts to reach NET3/4 hosts ....
"OR" NET4 hosts to reach NET1/2 hosts I am
assuming there has to be some static routes on the
pfS boxes.
I added the following static route on pfS1:
10.10.20.0/24{NET4} > 192.168.200.254{RTR2s NET3
IP}
I added the following static route on pfS2:
10.10.10.0/24{NET1} > 192.168.100.254{RTR1s NET2
IP}
My assumption is that pfS1 knows about NET3 and
pfS2 knows about NET2 via the tunnel. The problem
is that when I traceroute from a host on NET1 to a
host on NET4 pfS1 forwards the packets to the
internet instead of sending them through the
tunnel (and vice-versa from NET4 to NET1 pfS2
forwards the packets to the internet instead of
through the tunnel). I even added routes to the
RTR1/2 for the respective networks as well just to
test with and still no go. I must be missing
something simple here as I know that this can be
done as this is just packet routing. Maybe I
havent had enough coffee yet.
Any thoughts are greatly appreciated!!!
--
David L. Strout
Engineering Systems Plus, LLC
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
