Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 1 subscriber
  • Views 863 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

is this possible?

QVICIO
i have one tunnel ipsec between 2 nets:

net1(internal->128.0.0.0/16, DMZ->10.0.0.0/8 [ mail server ], EXTERNAL->217.127.X.X)

net2 (internal -> 192.168.1.0/24, external -> 80.34.X.X)

This is the "VPN ROUTES" =>  1485       128.0.0.0/16:0     -> 192.168.1.0/24:0   

i need that net2(internal) access to net1(dmz) [mail server] under vpn  


Is this possible???

Thanks 


This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to QVICIO
    Hi,

    so far I know: No.
    Use the solution bergy suggested.

    HTH

    Regards

    Udo Seiler 
  • 0 in reply to Udo_Seiler
    if i connect two tunnels in my box, the traffic in my gprs connection is high, and cost is high


    Any Solution? 
  • 0 in reply to QVICIO
    Hi QVICIO, 

    a second IPSec tunnel does not increase the traffic overhead much, as it only consumes bandwith during the rekeying process. If you want to save bandwith increase the IKE and IPSec SA lifetime this leads to fewer rekeyings.

    Store the Certificates on both machines, there for they don't need to be transfered during the IKE session.

    I also think that the two ipsec tunnel share the same IKE SA.

    If you wan't to save even more bandwith, use a smaller DH group and disable PFS, 
    but this also decreases the security of your ipsec connection.

    If all that is still not enough you can use SNAT in order to rewrite the packet prior entering the ipsec tunnel.

    Hope that helps, 
    regards
    Gert 
Cookie Information Banner