[clug] IPSec Question: Connecting outlying sites via single head
office access point
Stephen Hodgman
steve at namsys.com.au
Sat Oct 2 01:52:37 GMT 2004
Can anyone help me with an IPSec question? I am new to this but have
been using snapgear units (basically an embedded linux firewall/VPN box
with simple browser based config) to connect remote sites to the head
office LAN with VPN access quite successfully. I am having a routing
issue though where I cannot route from remote office A to remote office B.
I have Head Office (H) with a single snapgear VPN IPSec access point on
the internet. I have remote office (A) with internet access and a
snapgear IPSec access point. I also have remote office (B) with
internet access and a snapgear IPSec access point.
I have established IPSec connections from A ==> H and B ==> H. I can
route traffic on these links, i.e. A==> H, H ==> A, B==>H, H==>B.
However, I am unable to directly route from A ==> B.
It seems that the IPSec access is not available from within the IPSec
access point (Snapgear). The head office unit has network routes for A
and B to the ipsec device. I would have thought packets arriving from A
would use this routing to go out the ipsec device.
Is this a limit of IPSec? Interestingly, I notice that both these
routes use ipsec0 as only one ipsec device has been created.
Do I have to establish separate VPN links from A ==> B to do what I want?
If anyone can enlighten me I would be most appreciative.
Thanks
--
Steve Hodgman
Ph: +61 2 6285 3460
Fax: +61 2 6285 3459
Mobile: +61 407 182 355
steve at namsys.com.au