Re: [Users] VPN between two dynamic IPs

From: Ken Bantoft (ken_at_freeswan.ca)
Date: Mon Dec 09 2002 - 19:19:25 CET


On Mon, 9 Dec 2002, martin f krafft wrote:

> also sprach Ken Bantoft <ken_at_freeswan.ca> [2002.12.07.0614 +0100]:
> > Umm... You CAN route between tunnels. I've been doing it for years.
>
> so it just has to be static, is that all?
>
> why doesn't it work with road warriors, given that i configure routing
> on the road warrior site correctly?

It depends on your situation. If you use DHCP over IPSec, and assign RW's
local IP addresses, then no real extra config is needed.

But if you have say:

24.24.24.24 (Cable User)]-------\
                                 \
                                  ----[SGW]---[10.0.0.0/8]
                                 /
65.65.65.65 (DSL User)]---------/

In a traditional RW config, Cable user would only have an eroute for
10.0.0.0/8. So his/her traffic to 65.65.65.65 wouldn't go over the
tunnel. If you wanted, you could set the tunnel for 0.0.0.0/0 (like
WaveSec) and then all traffic would hit the Secure GW first, in which case
you'd have tunnel to tunnel traffic.

- --
Ken Bantoft The Unofficial FreeS/WAN Site:
ken_at_freeswan.ca http://www.freeswan.ca
                           PGP Key: finger ken_at_bantoft.org
"We can factor the number 15 with quantum computers. We
can also factor the number 15 with a dog trained to bark
three times." -- Robert Harley, 5/12/01, Sci.crypt


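Added example, not part of the original message and not FreeS/WAN code: a simplified Python model of the eroute lookup described in the reply above, tracing a packet from the cable user to the DSL user with the tunnel set to 10.0.0.0/8 and then to 0.0.0.0/0. The gateway address 192.0.2.1, the function names and the mirrored gateway-side eroutes are assumptions made for illustration.

```python
"""Simplified model of eroute selection (added example, not FreeS/WAN code)."""
from ipaddress import ip_address, ip_network

SGW = "192.0.2.1"        # assumption: the gateway address is not given on the page
CABLE = "24.24.24.24"    # from the diagram
DSL = "65.65.65.65"      # from the diagram


def build_eroutes(protected):
    """Eroutes per host as (src_net, dst_net, tunnel_peer) for both RW tunnels.

    `protected` is the subnet negotiated behind the gateway:
    10.0.0.0/8 (traditional RW) or 0.0.0.0/0 (WaveSec-style).
    """
    net = ip_network(protected)
    table = {SGW: []}
    for rw in (CABLE, DSL):
        host = ip_network(rw + "/32")
        table[rw] = [(host, net, SGW)]          # RW side: me -> protected
        table[SGW].append((net, host, rw))      # gateway side: protected -> RW
    return table


def lookup(eroutes, src, dst):
    """Return the tunnel peer of the most specific matching eroute, or None."""
    s, d = ip_address(src), ip_address(dst)
    hits = [e for e in eroutes if s in e[0] and d in e[1]]
    if not hits:
        return None
    return max(hits, key=lambda e: e[0].prefixlen + e[1].prefixlen)[2]


def trace(protected, src, dst):
    """Hops a packet takes from src to dst; 'clear' marks an untunnelled hop."""
    table, path, here = build_eroutes(protected), [], src
    while here != dst:
        peer = lookup(table.get(here, []), src, dst)
        if peer is None:
            path.append(("clear", here, dst))   # no eroute: normal routing
            break
        path.append(("tunnel", here, peer))
        here = peer
    return path


if __name__ == "__main__":
    for subnet in ("10.0.0.0/8", "0.0.0.0/0"):
        print(subnet, trace(subnet, CABLE, DSL))
```

In this model the 0.0.0.0/0 case forwards at the gateway only because its eroutes also carry 0.0.0.0/0 as the source selector; with 10.0.0.0/8 on both ends a packet sourced from 24.24.24.24 would match no gateway eroute.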



This archive was generated by hypermail 2.1.5 : Tue Dec 10 2002 - 05:21:07 CET