Greetings:

I have isakmpd running on a border router; it listens
on a public IP and sets up flows from remote users
(laptops) between their distant LAN (10.0.3.0/24) and
our local LAN (10.0.0.0/24) using "passive connections".
There is no route, however, from the border router
(host running the isakmpd) to the distant LAN.

This may be remedied of course with a static route, e.g.:
route add -net 10.0.3.0 -netmask 0xffffff00 10.0.0.100
  (10.0.0.100 describes the interface for which the
   'enc' flow is set up)
but it would be more useful to have the flow from the
router host created by isakmpd.  It is not clear how
this should be done using passive connections.

This is not a new issue and solutions I have found
involve persistent connections. Keep in mind that
it is only the router which does not have a route,
the distant LAN and hosts on the local LAN _do_ have
routes.

All replies much appreciated.

Regards,

Michael Grigoni
Cybertheque Museum
