Hi,
I sorted out the problem we were having with being unable to route between remote networks via the IPSEC VPN. It was down to the testing machines in the UK being on a seperate subnet 'piggybacking' on the same segment of the subnet that was routing over the tunnel (doh!) - though my excuse was that it wouldn't route from the ASL box either...[:)]
Anyway. now I know what's happening I've got to try to sort it out...
The UK network has a 192.168.0.0 subnet on eth0 (internal). Thie ASL's internal NIC has a second address (call it 172.16.0.0) on a 'virtual interface' eth2. (don't ask why - too compilcated for now).
The 192.168.0.0. subnet routes fine over the IPSEC tunnel but the 172.16.0.0 doesa not (I would think down to the subnet on the US end not knowing how to route it).
Anyway. As the UK Internet connection has a complicated ISP's NAT to go through, the UK side is implemented on the US side as a dynamically assigned IP address so T_NAT can work. And in the configuration for this, the subnet for the UK is assigned - 192.168.0.0.
The problem is in trying to establish the route on the US ASL box for the UK's 172.16.0.0 subnet. There is no place in the IPSEC connection configuration on the US side for multiple remote subnets on the remote side - just the one. Also, I can't add a general static route as the static routing screen won't let the route be established against the IPSEC interface.
Any ideas very welcome.
Thanks
Norwich
This thread was automatically locked due to age.
