It would be helpful to see the configs, but my quess would be that the packet coming from C does not match the "local-subnet" and/or "remote-subnet" configuration on B, so it's not getting put in the tunnel. If C has a different subnet you may need to add another tunnel or if this is all internal you might try the any subnet 0.0.0.0.
stig _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thomas Sent: Monday, October 15, 2007 2:19 PM To: [EMAIL PROTECTED] Subject: [Vyatta-users] Implementing IPsec across two points with staticrouting Greetings folks, I'm a new vyatta user and we've been trying to do some testing internally to determine whether or not Vyatta may be a candidate to replace some of our routers out in the field. Recently we were pleased by the ease of setting up IPsec tunnels, but we ran into one little snag in our testing environment. We currently had three routers configured, we'll call them A, B, and C. All three of these Vyatta installations have PC's behind them. Routers A & B were connected with IPsec tunnels, and each private network could speak the other. Router C was directly connected to router B. All three were configured to talk to each other via static routes. When C wanted to speak to A's network, she could ping both the external and internal vyatta interfaces, but couldn't seem to reach the LAN PC's connected behind A. Traceroutes for the failed pings indicated that the packets seemed to die at Router B, never even getting forwarded over towards Router A-- but again, only when trying to get to the LAN PC's. Is this a bad setup that we botched in some way, or perhaps something else like the lack of GRE or routing with IPsec in general? Let me know if anyone needs further information or some pasted configurations. -Thomas _____ Check <http://us.rd.yahoo.com/evt=51201/*http:/autos.yahoo.com/new_cars.html;_yl c=X3oDMTE5NWVzZGVyBF9TAzk3MTA3MDc2BHNlYwNtYWlsdGFncwRzbGsDYXV0b3MtbmV3Y2Fy %0d%0a> out the hottest 2008 models today at Yahoo! Autos.
_______________________________________________ Vyatta-users mailing list Vyatta-users@mailman.vyatta.com http://mailman.vyatta.com/mailman/listinfo/vyatta-users
