|
||||||||
Le Mardi 6 Décembre 2005 14:17, Adam Armstrong a écrit : > > From: "JT" <j dot tarot at tecsas dot fr> > > > > > I've no control on cisco (1700) routeurs which are managed by > > > the ISP. > > > > This could be a problem. You will need the cooperation of the > > ISP. > > > > > ATM, I've made the base setup so, from the m0n0wall interface, > > > I can ping the ciscos. But no chance from the LANs. > > > I've tried to add a rule that allow all trafic from "SDSL nets" > > > on opt1 interfaces to any... still unsuccessful. > > > > You need static routes to the Cisco routers for the other LAN. > > However, the > > Cisco routers also need those static routes. It sounds like the > > Cisco routers don't know about any of the 192.X.X.X addresses, so > > the packets stop > > there. Try a traceroute, and I bet you fail at the Cisco. > > Does your ISP allow you to inject routes into their CPE router via > a routing protocol? > Don't know... will ask tomorrow. > The standard way for an ISP to propagate customer routes across an > MPLS VPN is by using OSPF/RIP and then propagating them across it's > network using MP-BGP. Unfortunately m0n0wall, afaik, can't do any > dynamic routing, but if the ISP allows it, you might be able to > find a cheap router to stick between the CPE and m0n0wall or use > pfSense+zebra or something. > hmm, these are not_so_good news :'( > Is this just a simple point to point link? Or are there multiple > sites connected via it? Simple point to point link. Thanks Jé |