This sounds like the problem I was having with SNMP data. The packets went
out the VPN with the source address of the external interface, not the
internal. The solution was to modify the _updown script to include the
source address in the route command, or you can change the route statement
after the tunnel has been created with an ip route change command.
Basically it looks like this:
    ip route change RIGHT_SUBNET via LEFTDEFAULTGATEWAY (or LEFT_NEXT_HOP) src LEFT_NETWORK_INTERFACE dev ipsec0
Try it. It'll only take a couple minutes to find out if it works for you.
Best Regards,
Roger McClurg
[EMAIL PROTECTED]
Date: Thu, 31 Jan 2002 20:28:04 -0600
From: "Michael D. Schleif" <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Organization: mds resource
To: Charles Steinkuehler <[EMAIL PROTECTED]>
CC: LEAF <[EMAIL PROTECTED]>
Subject: Re: [Leaf-user] DCD, ipsec, gateways & road warriors ???
Charles Steinkuehler wrote:
>
> > So, we blew away that wins server and put samba (nmb-207.lrp) on each
> > gateway. It's taken some tweaking and reading man smb.conf
> > <http://us6.samba.org/samba/docs/man/smb.conf.5.html>.
> >
> > Still, windoze functionality is severely lacking across the wan!
> >
> > Do the samba servers need to communicate with each other? If so, the
> > DCD gateways cannot ping each other, because they are concurrent with
> > the gateway itself -- although, from anywhere else on the remote
> > network, we can ping the opposite gateway by private address.
>
> This is a routing issue. The VPN connects the two private IP LANs.
> Default traffic sent between the two VPN gateways will use a source IP of
> the primary external interface, so the gateway-gateway packets don't match
> your subnet-subnet tunnel. You can either build a gateway-gateway tunnel
> for the samba traffic, or possibly send the gateway-gateway traffic through
> the existing subnet-subnet tunnel via advanced routing.
I give up!
How do we accomplish either suggestion in your last sentence? What do
we need to do?
--
Best Regards,
mds
mds resource
888.250.3987
Dare to fix things before they break . . .
Our capacity for understanding is inversely proportional to how much we
think we know. The more I know, the more I know I don't know . . .
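
The route change described in the reply at the top, as an added example that is not part of the original thread or of FreeS/WAN's shipped _updown script: it assembles the "ip route change ... src ..." command from the PLUTO_* variables pluto passes to _updown, and refuses a source address outside the local tunnel subnet, since such packets would still miss the subnet-subnet tunnel. INSIDE_IP is a hypothetical variable holding the gateway's own LAN address, and the sample values are constructed.

```sh
#!/bin/sh
# Added example. PLUTO_* are the variables pluto exports to _updown;
# INSIDE_IP is a hypothetical extra: the gateway's own address on its LAN.

ip_to_int() {    # dotted quad -> integer; non-zero status if malformed
    case "$1" in ""|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac      # no leading zeros (octal)
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

mask_to_len() {  # dotted netmask -> prefix length; fails if non-contiguous
    m=$(ip_to_int "$1") || return 1
    len=0
    while [ $(( m & 0x80000000 )) -ne 0 ]; do
        len=$(( len + 1 )); m=$(( (m << 1) & 0xFFFFFFFF ))
    done
    [ "$m" -eq 0 ] || return 1
    echo "$len"
}

in_subnet() {    # is address $1 inside network $2 with netmask $3 ?
    a=$(ip_to_int "$1") && n=$(ip_to_int "$2") && k=$(ip_to_int "$3") || return 1
    [ $(( a & k )) -eq $(( n & k )) ]
}

build_route_cmd() {  # print the command; refuse a src that cannot match the tunnel
    ip_to_int "$PLUTO_PEER_CLIENT_NET" >/dev/null &&
        ip_to_int "$PLUTO_NEXT_HOP" >/dev/null &&
        [ -n "$PLUTO_INTERFACE" ] &&
        plen=$(mask_to_len "$PLUTO_PEER_CLIENT_MASK") ||
        { echo "missing or malformed PLUTO_* value" >&2; return 1; }
    in_subnet "$INSIDE_IP" "$PLUTO_MY_CLIENT_NET" "$PLUTO_MY_CLIENT_MASK" ||
        { echo "src '$INSIDE_IP' is not in the local tunnel subnet" >&2; return 1; }
    echo "ip route change $PLUTO_PEER_CLIENT_NET/$plen via $PLUTO_NEXT_HOP" \
         "src $INSIDE_IP dev $PLUTO_INTERFACE"
}

# Constructed sample values (not from the thread).
PLUTO_PEER_CLIENT_NET=192.168.2.0; PLUTO_PEER_CLIENT_MASK=255.255.255.0
PLUTO_MY_CLIENT_NET=192.168.1.0;   PLUTO_MY_CLIENT_MASK=255.255.255.0
PLUTO_NEXT_HOP=203.0.113.1; PLUTO_INTERFACE=ipsec0; INSIDE_IP=192.168.1.254
build_route_cmd
```

The function only prints the command, so the output can be reviewed before it is run by hand or wired into an up-client step.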