
Re: Connecting IPSec tunnels



Another potential problem is if you are using tunnel IP selectors then
IPSec may be limiting the packets that traverse the tunnel to only
those IP addresses specified in the selector.  This is actually a
feature, to limit the traffic through a tunnel to only 'authorized'
addresses.

-derek

Lars Eggert <larse@ISI.EDU> writes:

> > Suppose a customer has three sites with gateway routers, respectively
> > A, B, C. He rents two tunnels A-B and B-C so that traffic between A
> > hosts and B hosts and between B hosts and C hosts is protected. Now,
> > the customer decides to protect traffic between A hosts and C hosts.
> > Instead of incurring the expense of renting a separate tunnel A-C, the
> > customer tries to "connect" the two tunnels. This should be possible
> > by modifying access lists. For example, at B, forward traffic from C
> > hosts to A hosts along the A-B tunnel. Unfortunately, an initial
> > experiment has been unsuccessful. We are continuing our investigation
> > but in the meantime, I would greatly appreciate any feedback.
> 
> Could you please post your IPsec rules? Hard to tell what the problem is
> without more detail.
> 
> Also, IPsec rules alone may not be enough. Enable IP forwarding on B and try
> using a static route.
> 
> Lars
> -- 
> Lars Eggert <larse@isi.edu>                   Information Sciences Institute
> http://www.isi.edu/larse/                  University of Southern California
> 

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/      PP-ASEL      N1NWH
       warlord@MIT.EDU                        PGP key available
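
Added example (not part of the original message or thread): a small Python model of the selector check described above, evaluated at gateway B for a packet from a C host to an A host. The site prefixes and the `Tunnel` / `relay_at_b` names are constructed for illustration, and the model ignores ports and protocols.

```python
import ipaddress
from dataclasses import dataclass

# Constructed site prefixes (assumptions, not taken from the thread).
NET_A, NET_B, NET_C = "10.1.0.0/16", "10.2.0.0/16", "10.3.0.0/16"

@dataclass
class Tunnel:
    """A tunnel terminating on gateway B, with (local, remote) selector pairs."""
    name: str
    selectors: list  # [(local_prefix, remote_prefix), ...] from B's point of view

    def _match(self, local_ip, remote_ip):
        l, r = ipaddress.ip_address(local_ip), ipaddress.ip_address(remote_ip)
        return any(l in ipaddress.ip_network(ln) and r in ipaddress.ip_network(rn)
                   for ln, rn in self.selectors)

    def accepts_inbound(self, src, dst):
        # After decapsulation: src must be on the remote side, dst on the local side.
        return self._match(dst, src)

    def accepts_outbound(self, src, dst):
        # Before encapsulation: src must be on the local side, dst on the remote side.
        return self._match(src, dst)

def relay_at_b(src, dst, tunnel_in, tunnel_out):
    """Report where a packet relayed through B stops, or 'forwarded'."""
    if not tunnel_in.accepts_inbound(src, dst):
        return f"dropped: inbound selector check on {tunnel_in.name}"
    if not tunnel_out.accepts_outbound(src, dst):
        return f"not tunneled: no outbound selector on {tunnel_out.name}"
    return "forwarded"

# Original policy on B: each tunnel covers only its own two sites.
ab = Tunnel("A-B", [(NET_B, NET_A)])
bc = Tunnel("B-C", [(NET_B, NET_C)])

# Widened policy: on each tunnel, B's local side also includes the other spoke.
ab_wide = Tunnel("A-B", [(NET_B, NET_A), (NET_C, NET_A)])
bc_wide = Tunnel("B-C", [(NET_B, NET_C), (NET_A, NET_C)])

def demo():
    pkt = ("10.3.0.5", "10.1.0.9")  # constructed packet: host at C -> host at A
    return relay_at_b(*pkt, bc, ab), relay_at_b(*pkt, bc_wide, ab_wide)

if __name__ == "__main__":
    for result in demo():
        print(result)
```

With the original selectors the C-to-A packet fails the inbound check on the B-C tunnel before routing is even consulted; the gateways at A and C would need the mirrored selector pairs for the widened policy to work end to end.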

