> > When pinging an endpoint from one end of an IPSec tunnel to the other,
> > occasionally the ping returns with one of the 10.X.X.X IPs of a router
> > along the path. The router IP shows up on traceroute and is more often
> > than not the [...]
> >
> > Main question is this, why does the 10.x.x.x address come back to us
> > instead of timing out??

Connections from the VPN router (including ping and traceroute) don't automatically use a source IP address on the VPN. Investigate the -I option to ping or the -s option to traceroute for other behaviour, and check tcpdump output on different interfaces (enc0 and egress).

Assuming this is what's happening, you're probably just seeing some RFC1918 addresses being used (maybe temporarily) by an ISP. This does happen sometimes. Look at traceroutes to sites other than VPN endpoints; I think they're likely to still show up.
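
The comparison suggested in the reply above, as an added example that is not part of the original thread: a small filter that lists the RFC1918 hops in numeric traceroute output, so a trace sourced from the VPN-side address can be compared with one to an unrelated destination. The function names and the sample trace (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: list RFC1918 hops found in `traceroute -n` output on stdin.
# Live use (addresses are placeholders, not values from the thread):
#   traceroute -n -s <vpn-side-source-ip> <remote-endpoint> | rfc1918_hops
#   traceroute -n <unrelated-internet-host> | rfc1918_hops

rfc1918_hops() {
    awk '
    # Hop lines start with a hop number; with -n the responder address is
    # field 2. A "*" there means the probe got no reply, so it is skipped.
    $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        split($2, o, ".")
        # 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
        if (o[1] == 10 ||
            (o[1] == 172 && o[2] >= 16 && o[2] <= 31) ||
            (o[1] == 192 && o[2] == 168))
            print $1, $2
    }'
}

# Constructed sample: a trace to a non-VPN destination that crosses
# provider routers numbered out of private address space.
sample_path() {
cat <<'EOF'
traceroute to 203.0.113.20 (203.0.113.20), 64 hops max, 40 byte packets
 1  198.51.100.1  1.204 ms  0.981 ms  1.102 ms
 2  10.45.0.1  8.310 ms  8.127 ms  8.456 ms
 3  * * *
 4  172.20.3.9  12.018 ms  11.870 ms  12.224 ms
 5  203.0.113.20  14.502 ms  14.377 ms  14.610 ms
EOF
}

# Prints the hop number and address of each private-address responder.
sample_path | rfc1918_hops
```

Private hops that also appear on the path to an unrelated destination belong to the provider's network rather than to the tunnel; running tcpdump on enc0 and on the egress interface shows which interface the probes actually left on.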

