This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

side-2-side ipsec with multiple subnets

Hi,

I have a problem connecting a ipsec tunnel to a draytek Router with multiple subnets in the remote side.

my side (192.168.222.x/24) - ASG220 (V8.3) => ipsec tunnel => Draytek (192.168.25.0/24) => 2. Drayrek (10.3.10/24)

So my option is to configure the 192.168.25.0 and 10.3.1.0 as remote networks and my 192.168.222.0 as internal network.
If I do that the phase 2 is only established for the 192.168.25.0 network.

The draytek routers are controlled by a different men. He says I have to route the 10.3.1.0 network through the tunnel.
Is that right?

I thought that I have to configure every subnet in the ipsec tunnel. Or is it possible to route other subnets through the ipsec tunnel?

And how I have to do this (if it is possible)?

Many thanks!

This thread was automatically locked due to age.

0 BAlfson over 12 years ago

In the DreyTek your ASG is connected to, the other guy must "offer" you the 10. network. It can't work any other way as, otherwise, you could hop anywhere in his network if you wanted to.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 gilester over 12 years ago

I have a similar set-up, although I have one subnet behind a Draytek router and two behind my UTM9 gateway.

I found the Draytek wasn't able to tunnel multiple subnets through a single IPSec connection, even though it has a promising-sounding "other subnets" configuration option.

Instead, I added two subnets under the "local networks" section of the configuration in UTM9 for my Draytek gateway connection. This created two SAs. I then created two VPN connections in the Draytek, one for each subnet. This worked.

I had to fiddle with the Draytek's keep-alive setting to persuade it to keep both VPNs up, but I did manage to get it reliable enough for my purposes.

Giles.
Cancel
Vote Up 0 Vote Down

Cancel