On Fri, 28 May 2004, Ginther, Demian M wrote:
> I have a route for that, actually. The problem is that there are many
> subnets on the corporate side and some of them do not match the tunnel
> 'local' network definition. For instance, say the local network is
> defined on the corporate side m0n0 as 123.456.789.0/24... the packets
> are leaving that network and going to another network, passing through a
> NAT, (where I see them go with TCPdump) coming back, getting rewritten
> with a source of 192.168.20.x and then hitting the corporate side m0n0.
It sounds like you're saying that packets on a network directly connected
to the m0n0 are going first to some other router, getting transformed by
NAT, and *then* going to the m0n0. Why is that, or am I misunderstanding
> The corporate side m0n0 sees that their source is 456.789.123.0/24 and
> doesn't pass them thru the tunnel because they didn't come from
> 123.456.789.0/24. This is what I think is happening anyway. If I was
> able to set the tunnel to accept packets from any source address, it
> would work. I can see the firewall dropping those packets in the log,
> so I know they are getting at least that far.
You can pass whatever you want through the tunnel, and it doesn't sound
like you need to block anything from it in this configuration.