[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Connecting IPSec tunnels

To: Sanjai Narain <narain@research.telcordia.com>, <ipsec@lists.tislabs.com>
Subject: Re: Connecting IPSec tunnels
From: Lars Eggert <larse@ISI.EDU>
Date: Wed, 06 Sep 2000 08:18:24 -0700
In-Reply-To: <200009060318.XAA09868@flash.research.telcordia.com>
Sender: owner-ipsec@lists.tislabs.com
User-Agent: Microsoft-Outlook-Express-Macintosh-Edition/5.02.2022

> Suppose a customer has three sites with gateway routers, respectively
> A, B, C. He rents two tunnels A-B and B-C so that traffic between A
> hosts and B hosts and between B hosts and C hosts is protected. Now,
> the customer decides to protect traffic between A hosts and C hosts.
> Instead of incurring the expense of renting a separate tunnel A-C, the
> customer tries to "connect" the two tunnels. This should be possible
> by modifying access lists. For example, at B, forward traffic from C
> hosts to A hosts along the A-B tunnel. Unfortunately, an initial
> experiment has been unsuccessful. We are continuing our investigation
> but in the meantime, I would greatly appreciate any feedback.

Could you please post your IPsec rules? Hard to tell what the problem is
without more detail.

Also, IPsec rules alone may not be enough. Enable IP forwarding on B and try
using a static route.

Lars
-- 
Lars Eggert <larse@isi.edu>                   Information Sciences Institute
http://www.isi.edu/larse/                  University of Southern California

Follow-Ups:

Re: Connecting IPSec tunnels

From: Derek Atkins <warlord@mit.edu>

References:

Connecting IPSec tunnels

From: Sanjai Narain <narain@research.telcordia.com>

Prev by Date: IKE Delete payloads (clarification)
Next by Date: Re: Connecting IPSec tunnels
Prev by thread: Connecting IPSec tunnels
Next by thread: Re: Connecting IPSec tunnels
Index(es):
- Main
- Thread