> > > I'm wondering if I need to NAT the traffic before sending it, so
> > > that the remote end only sees the VPN endpoint it is aware of...
> > >
> > > Not sure how to glue it all together though...
> > >
> > > m/
> > Just in case it's the absence of a picture that's keeping me
> > from finding
> > an answer... ;-)
> > PC A ---> MONO A ---> INTERNET ---> IPSEC ---> MONO C ---> PC C
> >                                                  ^
> > PC B ---> MONO B ---> INTERNET ---> IPSEC ------/
> > So with this config, PC A can communicate with PC C after
> > establishing an
> > IPSEC tunnel.
> > PC B can also see PC C after the same setup...
> > What I need to do is allow PC A to see PC B THROUGH MONO C -
> > like I'm trying
> > to route over IPSEC.
> > Haven't had any luck yet...
> > Ideas? Is it possible?
> > Thanks again...
> Are you able to reach m0n0 A from m0n0 B (ping) and vice-versa?
> Did you try adding static routes to m0n0 A and B for PC A and PC B
> (like on m0n0 B: dest=PC A gw=m0n0 A and on m0n0 A: dest=PC B gw=m0n0 B)?
Thanks Joachim - but that's the whole point of the problem... A can't see B,
B can't see A. This is an ADSL over ATM limitation caused by the way ATM point
to point links are generated - they don't allow network broadcast, only
point to point, or in this case one modem to the router - TCP doesn't send
to the router (and even if it did I'd expect the router would probably
ignore the traffic cause it SHOULDN'T need to be routed - right?) because A
and B are on the same subnet (on the WAN side).
As I said at the beginning, this is an example, simplified... if it was JUST
A & B I could ask for IPs on different subnets, and be ok - BUT, it's A
through Z or more ;-) And the ISP doesn't have enough subnets to grant me
I had asked before if someone could tell me anything about some trick I've
heard of referred to as /32 subnetting, which supposedly makes all traffic
sent to the router, regardless of if it is on the local WAN subnet or not,
but I never heard from anyone who had heard of that trick.
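
The next-hop decision discussed in this message, as an added example that is not part of the original thread: a longest-prefix-match lookup showing that a host with a /24 WAN mask treats its neighbour as on-link, while a /32 mask plus a host route to the router sends the same traffic to the router. All addresses are constructed (documentation ranges), and the layout of the /32 table is an assumption about how such a setup would be configured.

```python
import ipaddress

# Constructed addresses (documentation ranges), not taken from the thread.
ROUTER = "203.0.113.1"      # ISP router on the WAN subnet
MONO_A = "203.0.113.10"     # WAN address of m0n0 A
MONO_B = "203.0.113.11"     # WAN address of m0n0 B, same WAN subnet
REMOTE = "198.51.100.7"     # some host elsewhere on the Internet

# Routing table of m0n0 A with an ordinary /24 WAN mask.
# A gateway of None means "on-link": deliver directly to the neighbour.
ROUTES_24 = [
    ("203.0.113.0/24", None),
    ("0.0.0.0/0", ROUTER),
]

# Assumed routing table of m0n0 A with a /32 WAN mask: only its own
# address and an explicit host route to the router are on-link.
ROUTES_32 = [
    (MONO_A + "/32", None),
    (ROUTER + "/32", None),
    ("0.0.0.0/0", ROUTER),
]

def next_hop(routes, dst):
    """Return 'on-link', a gateway address, or 'unreachable' for dst,
    using longest-prefix match over (prefix, gateway) pairs."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        return "unreachable"
    return "on-link" if best[1] is None else best[1]

if __name__ == "__main__":
    for name, table in (("/24 mask", ROUTES_24), ("/32 mask", ROUTES_32)):
        for dst in (MONO_B, ROUTER, REMOTE):
            print(f"{name}: {dst:>14} -> {next_hop(table, dst)}")
```

With the /24 table, traffic for the neighbour never reaches the router, so it depends on direct delivery that the point-to-point link does not provide; with the /32 table the router receives it and must be willing to forward it back out of the same interface.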