On Mon, 15 Nov 2004, Juan Nin wrote:

> Hi!
>
> I'm testing IPSec tunnels, having the following test schema:
>
> Host A - eth0: 192.168.1.67
>          eth1: 192.168.10.1
>
> Host B - eth0: 192.168.1.254
>          eth1: 192.168.20.1
>
> I've successfully configured an IPSec tunnel in order to safely communicate
> from 192.168.10.0/24 (which is obviously behind Host A) and 192.168.20.0/24
> (obviously behind Host B).
>
> In this test schema, both Hosts are Linux machines.
>
> Now, I have to set up an IPSec tunnel with a third party. They will be using a
> Cisco router to enable IPSec, their private LAN behind that Cisco being what
> will communicate with mine.
>
> Supposing Host A was their Cisco router... is it possible to make the tunnel
> in order to communicate 192.168.10.0/24 directly to 192.168.1.254?
>
> I mean, I want to run my application which will communicate with this third
> party on the same host which will implement the IPSec.
>
> With the actual configuration, if I originate some traffic to be sent to
> 192.168.10.0/24 directly from Host B, it will try to go out using
> 192.168.1.254 as source IP address, and it doesn't reach its destination,
> since the tunnel works only if the source address belongs to 192.168.20.0/24.
>
> So, is it possible to do what I want?? Originate my traffic to 192.168.10.0/24
> directly from Host B, using IPSec?
>
> Is it a matter of my IPSec conf, or must I do some NAT trick or something to
> achieve this??

What you actually have is a Subnet <-> Subnet tunnel.

To be able to communicate to or from the tunnel gateway itself to a subnet on
the other side, or to the gateway on the other side, additional tunnel(s) are
needed:

  Host   <-> Subnet
  Subnet <-> Host
  Host   <-> Host

This is the usual way to set this up, no routing/rewriting tricks. Simply add
as many tunnels as you need :)

greets,
Tami

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
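The four tunnel pairs Tami lists, written out as kernel SPD policies from Host B's point of view; this is an added example, not configuration posted in the thread. It assumes Linux native IPsec managed with setkey (racoon negotiating the SAs), ESP in tunnel mode, Host B = 192.168.1.254 fronting 192.168.20.0/24 and the peer = 192.168.1.67 fronting 192.168.10.0/24; the peer gateway (or the Cisco) must carry the mirror-image policies or the extra selectors will never be negotiated.

```shell
# Added example: SPD entries that let the gateway itself (192.168.1.254),
# not only its subnet, talk through the tunnel. Assumed addresses are the
# ones from the thread; the peer needs the mirrored set.
ME=192.168.1.254;   MY_NET=192.168.20.0/24
PEER=192.168.1.67;  PEER_NET=192.168.10.0/24

# Emit one out/in policy pair for a (local, remote) selector pair.
# Every pair tunnels between the two gateway addresses; only the
# traffic selectors (the first two fields) differ.
pair() {
    echo "spdadd $1 $2 any -P out ipsec esp/tunnel/$ME-$PEER/require;"
    echo "spdadd $2 $1 any -P in ipsec esp/tunnel/$PEER-$ME/require;"
}

# Full policy set: the original Subnet <-> Subnet tunnel plus the three
# extra tunnels the reply calls for.
gen_spd() {
    pair "$MY_NET" "$PEER_NET"   # Subnet <-> Subnet (what exists today)
    pair "$ME"     "$PEER_NET"   # Host   <-> Subnet (traffic sourced on Host B)
    pair "$MY_NET" "$PEER"       # Subnet <-> Host
    pair "$ME"     "$PEER"       # Host   <-> Host
}

# Sanity check helper: how many policies match a src/dst/direction triple.
# Without the Host <-> Subnet pair, covers 192.168.1.254 192.168.10.0/24 out
# would be 0, which is exactly the "doesn't reach its destination" symptom.
covers() {
    gen_spd | grep -c "^spdadd $1 $2 any -P $3 "
}

# To load into the kernel on Host B (as root):  gen_spd | setkey -c
# To inspect what is installed:                 setkey -DP
```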