elmore
July 16th, 2003, 18:48
ok I've been banging my head against the wall all day with this one. Here's the setup:
I have ISAKMPD running on three VPNS. Only one of those VPNS has a static public IP, the other VPNS pull their public IP's dynamically. Thus, they have passive connections to the VPN with the static IP. This works fine. In order to keep from having to continually update isakmp.conf files I was hoping to somehow route traffic from passive vpn to passive vpn through the static vpn. Make sense. This is quite different from the the three way template as it's not a mesh.
Here's a diagram:
[code:1:c51a6fef39]
LAN B---------->LAN A<------------<LAN C
10.1.1.0/24 10.1.2.0/24 10.1.3.0/24
GW-10.1.1.1 GW 10.1.2.1 GW 10.1.3.1
[/code:1:c51a6fef39]
so What I thought I needed to do was to do the following:
LAN B:
route add 10.1.2.0/24 10.1.1.1 (this works)
route add 10.1.3.0/24 10.1.2.1 (this does not)
LAN A
route add 10.1.1.0/24 10.1.2.1 (this works)
route add 10.1.3.0/24 10.1.2.1 (This works)
LAN C
route add 10.1.2.0/24 10.1.3.1 (this works)
route add 10.1.1.0/24 10.1.2.1 (this does not)
Anyone have any insight on why this wouldn't work. It works in my head!
Why doesn;t it work on the computer.
Given VPN's aren't inherently transitive I've always done meshes in the past.
I'm trying to work on a routing solution through the vpn. Is this even possible?
I have ISAKMPD running on three VPNS. Only one of those VPNS has a static public IP, the other VPNS pull their public IP's dynamically. Thus, they have passive connections to the VPN with the static IP. This works fine. In order to keep from having to continually update isakmp.conf files I was hoping to somehow route traffic from passive vpn to passive vpn through the static vpn. Make sense. This is quite different from the the three way template as it's not a mesh.
Here's a diagram:
[code:1:c51a6fef39]
LAN B---------->LAN A<------------<LAN C
10.1.1.0/24 10.1.2.0/24 10.1.3.0/24
GW-10.1.1.1 GW 10.1.2.1 GW 10.1.3.1
[/code:1:c51a6fef39]
so What I thought I needed to do was to do the following:
LAN B:
route add 10.1.2.0/24 10.1.1.1 (this works)
route add 10.1.3.0/24 10.1.2.1 (this does not)
LAN A
route add 10.1.1.0/24 10.1.2.1 (this works)
route add 10.1.3.0/24 10.1.2.1 (This works)
LAN C
route add 10.1.2.0/24 10.1.3.1 (this works)
route add 10.1.1.0/24 10.1.2.1 (this does not)
Anyone have any insight on why this wouldn't work. It works in my head!
Why doesn;t it work on the computer.
Given VPN's aren't inherently transitive I've always done meshes in the past.
I'm trying to work on a routing solution through the vpn. Is this even possible?