[Users] Routing troubles

From: Sergey Esin (sergey.esin_at_orcsoftware.spb.ru)
Date: Tue Jul 30 2002 - 11:01:38 CEST


Hello!

Here's my scheme:

192.168.2.x/24 - <-192.168.2.2 | Linux 2.2.19 + FreeSWAN 1.95 |
123.123.123.123/24 ->
- cisco 1601 -- Internet -- cisco xxx - <-121.121.121.121 | Cisco PIX |
-> 121.121.121.x network

All appears to be fine (with hosts that have the Cisco PIX as a default
gateway), but it seems that some routes have to be added on the right side.
For example, I have a mail/ssh/whatever server listening on
123.123.123.123. So when a server from the 121.121.121.x network tries to
send mail to 123.123.123.123, packets go via the Internet, but replies
(according to the route table on the Linux box) follow through the VPN
tunnel. So communication fails.
But hosts 123.123.123.123 and 121.121.121.121 should communicate via the
Internet for the VPN tunnel to work.

Can I resolve the problem by adding an eth0:0 alias with one more IP
address from the 123.123.123.123/24 pool (123.123.123.124 for example)
and adding two routes on the right side - one for allowing 123.123.123.124
to communicate with 121.121.121.121 via the Internet and one to communicate
with any other hosts from the 123.123.123.123/24 network via the VPN tunnel?

Thanks,
Sergey




This archive was generated by hypermail 2.1.4 : Mon Aug 05 2002 - 21:01:34 CEST