 
 From:  Igor López de Munain <Ilmunain at Ethernova dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Problem accessing a remote network on the other side of a VPN
 Date:  Wed, 14 Jun 2006 12:49:39 +0200
Hi all,

I have this configuration:

    --------
    |Host 0|192.168.1.10/24
    --------
       |                                175.18.0.0/16--(Unknown Routing Network)
    --------------                                                     |
                 |                                                     |
   192.168.1.1/24|                                                     |
              -------           88.Y.Y.75/24 -------   10.1.1.1/25 ---------
              | MW0 |-----(Internet,VPN)-----| MW1 |---------------|CISCO01|
              -------88.X.X.178/23           -------10.1.1.2/25    ---------
                                                |
                                  192.168.2.1/24|
                                                |
                                      ---------------------
                                                |
                                             -------
                                             |Host1|192.168.2.10/24
                                             -------


I have two Monowalls (MW0 and MW1) forming 2 IPSEC VPNs on the WAN interface. The ISP's routers are in
bridge mode, so the public static IPs are assigned to the WAN interfaces of the Monowalls (IPs 88.x.x.178/23 and 88.y.y.75/24).

MW0 has 2 interfaces:
LAN 192.168.1.1/24
WAN 88.x.x.178/23

MW1 has 3 interfaces:
LAN 192.168.2.1/24
WAN 88.y.y.75/24
OPT1 10.1.1.2/25


There are 2 VPNs working:
LOCAL NET/REMOTE NET: 192.168.1.0/24/192.168.2.0/24 Gateways: 88.x.x.178/88.y.y.75
LOCAL NET/REMOTE NET: 192.168.1.0/24/10.1.1.2/25 Gateways: 88.x.x.178/88.y.y.75


On the OPT1 interface there is a Cisco router connected, which connects me to another network,
175.18.0.0/16. I want to access that network from Host0 and from Host1. I do NOT have access to this
router and I can ask to configure static routes on it. So I have enabled advanced outbound NAT and put 3 NAT rules on MW1:

Interface: WAN Source: 192.168.2.0/24
Interface: OPT1 Source: 192.168.2.0/24
Interface: OPT1 Source: 192.168.1.0/24


Right now I can make these pings:
Host0 to Host1 OK
Host0 to Cisco01 (10.1.1.1/25) ok

OK, my objective is to get from Host0 to the 175.18.0.0 network, so I have to give a route to MW0 to tell
it that 175.18.0.0 is reachable via an interface (VPN??) and that the next hop is MW1.

I have tried this in different ways but I can't get it working.

I have tried:



Interface:WAN Dest Network: 175.18.0.0/16  Gw:88.Y.Y.75/24
Interface:WAN Dest Network: 175.18.0.0/16  Gw:10.1.1.1/25 
Interface:PPTP Dest Network: 175.18.0.0/16  Gw:88.y.y.75/24


I know that the next hop must always be in the same network as the WAN interface of MW0, but I don't
know how to put this in a VPN case.

Thanks all for any help

Igor