This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Routing through VPNs

Hi all,

can anyone spread some light over my confusion. Here goes:

I have two sites connected via a VPN, site A and site B.

Site A:
ASL 5.206
Inside: 192.168.10.0/24
DMZ: 192.168.11.0/24

Site B:
ASL 5.206
Inside: 192.168.110.0/24

The VPN terminates from Site A Inside LAN to Site B Inside LAN. Strict routing policy is turned off.

I cannot reach the Site A DMZ from Site B LAN. Following is a line from the Kernel Routing Table on Site B:
192.168.11.0/24 via 192.168.10.1 dev ipsec0
That route is manually entered.

If i supernet both nets on Site A (192.168.10.0/23) and terminate the VPN there it all works fine, except that I cannot use the firewall rules from Site B LAN to Site A DMZ.

What am I doing wrong? Shouldn't there be a function to advertise routes to other VPNs?

Regards,
Bouncer

This thread was automatically locked due to age.

Parents

0 NimmdirKeks over 20 years ago

Hi,

you need another tunnel to/from your DMZ. Just copy the first tunnel and change the local/remote network section.

Chris
Cancel
Vote Up 0 Vote Down

Cancel
0 Bouncer over 20 years ago in reply to NimmdirKeks

Ahh... ok... so...

If I have, let's say, 200 networks behind my central ASL, then all the remote offices needs 200 tunnels each? Is that scalable? Or do I use another solution then? Shouldn't ASL at least be able to understand RIP or OSPF?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Bouncer over 20 years ago in reply to NimmdirKeks

Ahh... ok... so...

If I have, let's say, 200 networks behind my central ASL, then all the remote offices needs 200 tunnels each? Is that scalable? Or do I use another solution then? Shouldn't ASL at least be able to understand RIP or OSPF?
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 ReD-MaN over 20 years ago in reply to Bouncer

Regardless whether it can or can't, traffic can not flow over a tunnel without the addresses on both ends being defined in the tunnel creation.

So if you only have a tunnel up for 192.168.1.x -- 192.168.2.x, only traffic from one of those subnets will be able to flow over the tunnel. Traffic from 192.168.3.x will not be able to.
Cancel
Vote Up 0 Vote Down

Cancel
0 Bouncer over 20 years ago in reply to ReD-MaN

I understand.

I was working with two Sonicwalls earlier and there you just specified which nets were on which sides. I guess what it did was just to make the appropriate tunnels in the background. Thanks for your replies guys.

/Bouncer
Cancel
Vote Up 0 Vote Down

Cancel