I haven't seen anything go by on this list, but GTA
was able to help me with a problem that seems like
someone else must have run into.  I thought I would
share the solution that I got from them in case
someone else is still banging their head on the wall
like I was!

I have a Customer that has a segmented PRO network,
similar to:

        Internet
           |
           |
        GNAT Box
           |
           |
        PRO1 (A.B.C.X)
           |
           |
        Router
           |
           |
        PRO2 (D.E.F.X)


I set up each Mobile VPN Client with two VPNs, one to
reach PRO1 and one to reach PRO2.  The two VPNs were
identical for each Mobile VPN Client, except the
"Subnet" under "Remote Party Identity and Addressing".

The problem that the Customer had was that they could
access hosts on PRO1 or access hosts on PRO2, but they
could not access hosts on either subnet within a few
minutes of accessing hosts on the other subnet.

It turns out that the problem is in the way the VPN
uniquely identifies a VPN connection.  Since the VPN
connection is identified by its gateways, and not by
the destination subnets, it was necessary to add an
alias to the GNAT Box EXT interface, and use different
gateway addresses for the two VPNs.

The solution works, but I can see where it might be
an issue for a company that has more subnets than
available EXT addresses (this company does, in fact,
but since they don't need access to all of the subnets
by VPN it isn't an issue [yet]).

GTA tells me that they are working with SafeNet to see
if there is a way to work around the problem in the
future without breaking standards.

Mike Burden
Lynk Systems
http://www.lynk.com
(616)532-4985
[EMAIL PROTECTED]
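To make the failure mode above concrete, here is a small Python model added to this archive entry; it is not code from GTA, SafeNet, GNAT Box or the original poster. It assumes a client that keys its tunnel table by the (local gateway, remote gateway) pair, as the post describes, and uses constructed placeholder addresses (192.0.2.x for the EXT interface and its alias, 10.1.0.0/24 and 10.2.0.0/24 for PRO1 and PRO2). The policy names, `VpnPolicy` fields and helper functions are all invented for the illustration; it also shows, via `key_by_subnet=True`, what a subnet-aware key would do, which goes beyond what the post states.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class VpnPolicy:
    """One Mobile VPN Client policy: which gateway it talks to and which
    remote subnet it protects.  All addresses used below are constructed."""
    name: str
    local_gw: str       # the client's own public address
    remote_gw: str      # GNAT Box EXT address (or EXT alias) it negotiates with
    remote_subnet: str  # protected network reached through this tunnel


def build_tunnel_table(policies, key_by_subnet=False):
    """Bring policies up in order and return the client's tunnel table.

    With key_by_subnet=False the table is keyed only by the gateway pair,
    which is the behaviour the post describes: a later policy that reuses
    the same gateway pair replaces the earlier tunnel instead of coexisting.
    key_by_subnet=True shows what a subnet-aware key would do instead
    (an assumption for illustration, not a documented client option).
    """
    table = {}
    for policy in policies:
        key = (policy.local_gw, policy.remote_gw)
        if key_by_subnet:
            key += (policy.remote_subnet,)
        table[key] = policy
    return table


def reachable(table, dst):
    """Return the name of the policy that carries traffic to dst, or None."""
    addr = ip_address(dst)
    for policy in table.values():
        if addr in ip_network(policy.remote_subnet):
            return policy.name
    return None


def find_gateway_collisions(policies):
    """Flag policies that share a gateway pair but protect different subnets;
    these are the ones that will knock each other out of a gateway-keyed table.
    Useful as a pre-deployment sanity check on a set of client policies."""
    seen = {}
    collisions = []
    for policy in policies:
        key = (policy.local_gw, policy.remote_gw)
        if key in seen and seen[key].remote_subnet != policy.remote_subnet:
            collisions.append((seen[key].name, policy.name))
        seen.setdefault(key, policy)
    return collisions


CLIENT = "198.51.100.10"    # constructed client address
EXT = "192.0.2.1"           # constructed GNAT Box EXT address
EXT_ALIAS = "192.0.2.2"     # constructed alias added to the EXT interface

# Original setup from the post: both policies use the same gateway pair.
SHARED_GATEWAY = [
    VpnPolicy("PRO1", CLIENT, EXT, "10.1.0.0/24"),
    VpnPolicy("PRO2", CLIENT, EXT, "10.2.0.0/24"),
]

# The fix GTA supplied: the second policy negotiates with an alias on EXT.
ALIASED_GATEWAY = [
    VpnPolicy("PRO1", CLIENT, EXT, "10.1.0.0/24"),
    VpnPolicy("PRO2", CLIENT, EXT_ALIAS, "10.2.0.0/24"),
]


if __name__ == "__main__":
    for label, policies in (("shared EXT", SHARED_GATEWAY),
                            ("EXT + alias", ALIASED_GATEWAY)):
        table = build_tunnel_table(policies)
        print(f"{label}: collisions={find_gateway_collisions(policies)} "
              f"10.1.0.5->{reachable(table, '10.1.0.5')} "
              f"10.2.0.5->{reachable(table, '10.2.0.5')}")
```

Running it shows the shared-gateway setup losing PRO1 as soon as the PRO2 tunnel comes up, while the aliased setup keeps both subnets reachable. `find_gateway_collisions` is the check worth running over a client's policy list before rollout: any pair it reports will need its own EXT address under a gateway-keyed client.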
