I have a need to set up the following topology at several locations connected via VPN tunnels.

NET1--RTR1--NET2--pfS1--{INET}--pfS2--NET3--RTR2--NET4
                        >--IPsec TUNNEL--<

NET1 = 10.10.10.0/24
NET2 = 192.168.100.0/24
NET3 = 192.168.200.0/24
NET4 = 10.10.20.0/24

I have a VPN tunnel nailed up between the two pfS boxes w/ NET2 & NET3 on the "LAN" side. The pfS1 box has a static route to NET1 via RTR1 and pfS2 has a static route to NET4 via RTR2. The "default" route on NET1 & NET4 is RTR1 & RTR2 respectively, and RTR1 has a next hop of pfS1 and RTR2's next hop is pfS2.

So now that you have your mind wrapped around that .... here's the problem. In order for NET1 hosts to reach NET3/4 hosts .... "OR" NET4 hosts to reach NET1/2 hosts, I am assuming there has to be some static routes on the pfS boxes.

I added the following static route on pfS1:
  10.10.20.0/24 {NET4} > 192.168.200.254 {RTR2's NET3 IP}

I added the following static route on pfS2:
  10.10.10.0/24 {NET1} > 192.168.100.254 {RTR1's NET2 IP}

My assumption is that pfS1 knows about NET3 and pfS2 knows about NET2 via the tunnel. The problem is that when I traceroute from a host on NET1 to a host on NET4, pfS1 forwards the packets to the internet instead of sending them through the tunnel (and vice versa: from NET4 to NET1, pfS2 forwards the packets to the internet instead of through the tunnel). I even added routes to RTR1/2 for the respective networks as well just to test with, and still no go.

I must be missing something simple here, as I know that this can be done as this is just packet routing. Maybe I haven't had enough coffee yet. Any thoughts are greatly appreciated!!!

-- 
David L. Strout
Engineering Systems Plus, LLC
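The post reasons about the problem purely in terms of static routes. For a policy-based (tunnel-mode) IPsec tunnel, which is what pfSense phase 2 entries build, the tunnel only carries packets whose source and destination both fall inside one of its phase 2 selector pairs; a packet that matches no selector is handled by the ordinary routing table, so a NET1 to NET4 packet follows the default route to the WAN when the only phase 2 entry is NET2 <-> NET3. The following Python is an added example written for this page, not code from the post or from pfSense: it models that decision with the four subnets from the post, a constructed WAN default route for pfS1 (203.0.113.0/24 and gateway 203.0.113.1 are assumptions), and a simplified lookup order.

```python
"""Simplified model of how a policy-based IPsec tunnel and the routing table
decide where a packet goes.  Added example, not from the original post."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

IPv4Network = ipaddress.IPv4Network

# Subnets taken from the post.
NET1 = IPv4Network("10.10.10.0/24")
NET2 = IPv4Network("192.168.100.0/24")
NET3 = IPv4Network("192.168.200.0/24")
NET4 = IPv4Network("10.10.20.0/24")
# Assumed WAN addressing for pfS1 (documentation range, not from the post).
WAN_NET = IPv4Network("203.0.113.0/24")
WAN_GW = "203.0.113.1"


@dataclass(frozen=True)
class Route:
    prefix: IPv4Network
    next_hop: Optional[str]   # None means directly connected
    iface: str


@dataclass(frozen=True)
class Selector:
    """One phase 2 entry: traffic between local and remote is tunnelled."""
    local: IPv4Network
    remote: IPv4Network


def pfs1_routes() -> List[Route]:
    """pfS1's table as the post describes it, plus the assumed WAN default."""
    return [
        Route(NET2, None, "LAN"),
        Route(WAN_NET, None, "WAN"),
        Route(NET1, "192.168.100.254", "LAN"),        # NET1 via RTR1
        Route(IPv4Network("0.0.0.0/0"), WAN_GW, "WAN"),
    ]


def original_phase2() -> List[Selector]:
    """The single phase 2 pair the post describes: NET2 <-> NET3."""
    return [Selector(NET2, NET3)]


def full_phase2() -> List[Selector]:
    """Phase 2 pairs covering every local/remote combination, including the
    subnets behind RTR1 and RTR2."""
    return [Selector(loc, rem) for loc in (NET1, NET2) for rem in (NET3, NET4)]


def route_lookup(routes: List[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match, as the kernel routing table does."""
    addr = ipaddress.IPv4Address(dst)
    best = None
    for r in routes:
        if addr in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    return best


def spd_lookup(selectors: List[Selector], src: str, dst: str) -> Optional[Selector]:
    """Return the first phase 2 selector whose local/remote pair covers (src, dst)."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for sel in selectors:
        if s in sel.local and d in sel.remote:
            return sel
    return None


def classify(routes: List[Route], selectors: List[Selector], src: str, dst: str) -> str:
    """'ipsec' if the packet matches a phase 2 selector, otherwise the name of
    the interface the routing table would send it out of."""
    if spd_lookup(selectors, src, dst) is not None:
        return "ipsec"
    r = route_lookup(routes, dst)
    return r.iface if r is not None else "unroutable"


if __name__ == "__main__":
    cases = (("192.168.100.5", "192.168.200.5"), ("10.10.10.5", "10.10.20.5"))
    for sels, label in ((original_phase2(), "NET2<->NET3 only"), (full_phase2(), "all four pairs")):
        for src, dst in cases:
            print(f"{label}: {src} -> {dst}: {classify(pfs1_routes(), sels, src, dst)}")
```

The model collapses the real order on FreeBSD (route lookup, then the SPD check at IP output) into one decision, which gives the same answer for this question: with only the NET2 <-> NET3 pair, a NET1 to NET4 packet is classified as WAN traffic regardless of the static routes, and it becomes tunnel traffic only once a selector pair covers the subnets behind the routers.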