 From:  "Holger Bauer" <Holger dot Bauer at citec dash ag dot de>
 To:  Igor López de Munain <Ilmunain at Ethernova dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Problem accesing a remote network on the other side of a VPN
 Date:  Wed, 14 Jun 2006 13:30:28 +0200
> -----Original Message-----

> Sent: Wednesday, June 14, 2006 12:50 PM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: [m0n0wall] Problem accesing a remote network on the other side of a VPN
> 
> 
> 
> Hi all,
> 
> I have this configuration
> 
>     --------
>     |Host 0| 192.168.1.10/24
>     --------
>        |                                             175.18.0.0/16--(Unknown Routing Network)
> --------------                                             |
>        |                                                   |
>        | 192.168.1.1/24                                    |
>     -------           88.Y.Y.75/24 ------- 10.1.1.1/25 ---------
>     | MW0 |-----(Internet,VPN)-----| MW1 |-------------|CISCO01|
>     -------88.X.X.178/23           -------10.1.1.2/25  ---------
>                                       |
>                                       | 192.168.2.1/24
>                                       |
>                             ---------------------
>                                       |
>                                    -------
>                                    |Host1| 192.168.2.10/24
>                                    -------
> 
> 
> I have two Monowalls (MW0 and MW1) forming 2 IPSEC VPNs on the WAN
> interface. The ISP's routers are in bridge mode, so the public
> static IPs are assigned to the WAN interfaces of the monowalls
> (IPs 88.x.x.178/23 and 88.y.y.75/24)
> 
> MW0 has 2 interfaces:
> LAN 192.168.1.1/24
> WAN 88.x.x.178/23
> 
> MW1 has 3 interfaces:
> LAN 192.168.2.1/24
> WAN 88.y.y.75/24
> OPT1 10.1.1.2/25
> 
> 
> There are 2 vpns working
> LOCAL NET/REMOTE NET: 192.168.1.0/24 / 192.168.2.0/24 Gateways: 88.x.x.178 / 88.y.y.75
> LOCAL NET/REMOTE NET: 192.168.1.0/24 / 10.1.1.2/25 Gateways: 88.x.x.178 / 88.y.y.75
> 

Add a 3rd tunnel between the same public IPs (as you successfully managed to add 2 parallel tunnels,
I think you know how to set up identifiers and such):

MW0:
local net 192.168.1.0/24
remote net 175.18.0.0/16

MW1:
local net: 175.18.0.0/16 (!!!)
remote net 192.168.1.0/24

This is needed so that traffic going to 175.18.0.0/16 is encapsulated inside a tunnel.

At MW1 add a static route for destination 175.18.0.0/16 with Gateway 10.1.1.1/25

> (...)


Holger
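
An added illustration, not part of Holger's message or of m0n0wall itself: a simplified Python model of the policy matching and routing discussed above, showing why traffic from 192.168.1.0/24 to 175.18.0.0/16 is not tunnelled until the third local/remote pair exists, and why MW1 also needs the static route. The destination 175.18.0.5, the "wan-default" label and the MW1 route table (derived from its interface list) are assumptions made for the example.

```python
import ipaddress

def net(cidr):
    # strict=False because the thread writes one selector as 10.1.1.2/25
    # (host bits set); it is treated here as the network 10.1.1.0/25.
    return ipaddress.ip_network(cidr, strict=False)

# MW0 IPsec policies as (local net, remote net), taken from the thread.
MW0_EXISTING = [
    (net("192.168.1.0/24"), net("192.168.2.0/24")),
    (net("192.168.1.0/24"), net("10.1.1.2/25")),
]
MW0_THIRD = (net("192.168.1.0/24"), net("175.18.0.0/16"))  # suggested 3rd tunnel

# MW1 routes as (destination, next hop). Connected networks come from the
# interface list in the thread; "wan-default" is a placeholder label.
MW1_ROUTES = [
    (net("192.168.2.0/24"), "LAN"),
    (net("10.1.1.0/25"), "OPT1"),
    (net("0.0.0.0/0"), "wan-default"),
]
MW1_STATIC = (net("175.18.0.0/16"), "10.1.1.1")  # suggested static route

def matching_policy(policies, src, dst):
    """Return the first (local, remote) pair covering src -> dst, or None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local, remote in policies:
        if s in local and d in remote:
            return local, remote
    return None

def next_hop(routes, dst):
    """Longest-prefix match over a list of (network, hop) routes."""
    d = ipaddress.ip_address(dst)
    candidates = [r for r in routes if d in r[0]]
    return max(candidates, key=lambda r: r[0].prefixlen)[1]

def describe(policies, routes, src, dst):
    pol = matching_policy(policies, src, dst)
    if pol is None:
        return f"{src} -> {dst}: no policy match, not encapsulated"
    return f"{src} -> {dst}: tunnel {pol[0]} / {pol[1]}, MW1 next hop {next_hop(routes, dst)}"

if __name__ == "__main__":
    src, dst = "192.168.1.10", "175.18.0.5"  # dst is a constructed sample
    print(describe(MW0_EXISTING, MW1_ROUTES, src, dst))
    print(describe(MW0_EXISTING + [MW0_THIRD], MW1_ROUTES, src, dst))
    print(describe(MW0_EXISTING + [MW0_THIRD], MW1_ROUTES + [MW1_STATIC], src, dst))
```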
