dave at rodrig dot com wrote:
> Maybe it's just late, but I lost you about halfway through (I've read it
> several times...)
> At first it seems like you're trying to go into your LAN (from the DMZ),
> then it seems as if you're talking about the other direction....a diagram
> might help.

No, I re-read my message, and it's certainly NOT clear. I guess it was
late when I wrote it. Let me start again.

I have an Optional interface, that I want to be able to go through my
VPN (which is IPSEC) to another location. It is on a separate subnet
than my LAN (192.168.2.1), and the VPN is set up to establish from my
LAN subnet to the other internal subnet (192.168.1.1) at a different
location. Now, I've tried setting up an additional VPN from the Opt
subnet (192.168.100.1), to the network on the other side, and racoon
seems to just ignore it. It never tries to establish at all. Maybe
there is a limitation on how many tunnels can go to a single location?

That being the case, I tried to route traffic to the remote subnet from
my Opt1 subnet through the LAN interface. This is where the problem
comes in. If I put in a route that says:
If from Opt interface, destined for the 192.168.1.0/24 network, go
it doesn't work. I didn't really expect it to, but thought I'd give it
a try. The funny thing is, if I tracert from the 192.168.100.0/24
network, to the 192.168.1.0/24 network, the tracert goes nowhere, not
even to the gateway of 192.168.2.1 as I specified. Without the route,
it tries to go directly out the WAN interface (which it probably
should), but obviously doesn't get very far because it's a private network.

Is there a way to get this to work that anyone can think of? I really
need to get from the 192.168.100.0/24 network to the 192.168.1.0/24
network any way I can. A 2nd VPN seemed the first logical choice, but
when I set it up, nothing happens, not even an attempt to connect. Is
there a way to route this traffic so it can reach the 192.168.1.0/24
network through the VPN that does work?