Re: Netscreen VPN Client can't access a network via another VPN

From: Volcanoman (google_at_volcanoman.net)
Date: 05/15/03


Date: 14 May 2003 15:56:45 -0700

Hi there. There is another thread dated around the 13 May on this
exact issue so look out for that for extra clues.

What you are after is definitely possible with hardware at all three
points. They call it a partial mesh or something. It requires two
aspects to be considered:

1) Routing (on NS and devices on the LANs)
2) VPNs to accept traffic to multiple subnets.

This is achievable with the hardware. Multiple tunnels into central
site for each endpoint the box requires and a route table on the
central site which dictates who can go where. A little trickier on the
software. If you have control over the addressing you could use
supernetting where in your example the software VPN for the whole
10.1.0.0/16. On the central site route based tunneling should take
care of delivering to either trust or across another VPN. Once
again, remember to set the far end VPN device to route to the software
via the central VPN.

Clear as mud?

Volcanoman.

forums@steve-cooper.co.uk (SteveC) wrote in message news:<c96d2c6c.0305130836.325dd692@posting.google.com>...
> Hi,
>
> I've got two netscreens (ns208 and ns5XT) with a vpn link between them
> via a 'pretend' internet working great, and with a software client on
> the 'pretend' internet can vpn to either netscreen box fine, but I
> have a problem.
>
> What I have is the following:
>
> Network A - 10.1.2.0/24
> Network B - 10.1.1.0/24
>
> VPN Client (via internet) -> ns208 -> network A
> and
> VPN Client (via internet) -> ns5XT -> network B
>
> as well as
>
> network A <-> ns208 <-VPN-> ns5XT <-> network B
>
> What I want is:
>
> VPN Client (via internet) <-> ns5XT <-> networks A and B
>
> so the client over the internet sends all traffic only through the
> remote ns5XT.
>
> Basically I need to join together the two vpn links at the remote
> ns5XT.
>
> Many thanks,
>
> Steve Cooper
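
Added example, not part of the original thread: a small Python model of the hub-and-spoke routing the reply describes, checking that one client-side supernet covers both LANs and that the far-end device has a return route to the client via the central VPN. The client address 192.168.50.10 and the next-hop labels are constructed assumptions, and the tables are a model, not ScreenOS configuration.

```python
import ipaddress as ip

NET_A = ip.ip_network("10.1.2.0/24")        # behind ns208 (from the post)
NET_B = ip.ip_network("10.1.1.0/24")        # behind ns5XT (from the post)
SUPERNET = ip.ip_network("10.1.0.0/16")     # client-side selector suggested in the reply
CLIENT = ip.ip_network("192.168.50.10/32")  # constructed client tunnel address (assumption)

def covering_supernet(nets):
    """Smallest single prefix containing every network in nets."""
    cand = nets[0]
    while not all(n.subnet_of(cand) for n in nets):
        cand = cand.supernet()
    return cand

def lookup(table, dst):
    """Longest-prefix match over (network, next_hop) pairs; None if no route."""
    hits = [(net, hop) for net, hop in table if ip.ip_address(dst) in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def round_trip(dst, selector, hub, spoke):
    """Trace client -> dst and back again; return (ok, reason)."""
    if ip.ip_address(dst) not in selector:
        return False, "client selector does not send this destination into the tunnel"
    hop = lookup(hub, dst)
    if hop is None:
        return False, "hub has no route to destination"
    if hop != "trust":  # destination is across the site-to-site VPN
        if lookup(spoke, dst) != "trust":
            return False, "spoke does not deliver destination locally"
        if lookup(spoke, CLIENT[0]) != "to-ns5XT":
            return False, "spoke has no return route to client via hub"
    if lookup(hub, CLIENT[0]) != "to-client":
        return False, "hub has no route back to client"
    return True, "ok"

# Hypothetical route tables; next-hop labels are illustrative only.
HUB_NS5XT = [(NET_B, "trust"), (NET_A, "to-ns208"), (CLIENT, "to-client")]
SPOKE_NS208_BEFORE = [(NET_A, "trust"), (NET_B, "to-ns5XT")]
SPOKE_NS208_AFTER = SPOKE_NS208_BEFORE + [(CLIENT, "to-ns5XT")]

if __name__ == "__main__":
    print("minimal cover:", covering_supernet([NET_A, NET_B]))
    for spoke in (SPOKE_NS208_BEFORE, SPOKE_NS208_AFTER):
        print(round_trip("10.1.2.20", SUPERNET, HUB_NS5XT, spoke))
```

The minimal prefix covering both LANs is narrower than the /16 mentioned in the reply; either works as the client selector, but the narrower one sends less address space into the tunnel.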


