Tom Eastep wrote:
> [email protected] wrote:
>> I would like the AnyConnect machine to behave like a gateway for the
>> IP phones - basically all the traffic from eth1 to go through
>> cscotun0. In other words, to behave like a Cisco ASA device (which is
>> a site to site VPN).
>>
>> My first thought was that a bridge between cscotun0 and eth1 would
>> suffice but this falls short - I think because the VPN interface is
>> tun.
>>
>> I know I am expressing poorly what I am looking for, please bear with
>> me.
>
> I'm assuming that the Phone expects to use DHCP to acquire an IP
> address? If so and if the VPN software you are using is incapable of
> creating/using a tap device, I see no way to accomplish your goal.

You could try running dhcrelay on your local interface and specify the
DHCP server from the VPN. By setting the proxy arp flag on the local
interface (echo 1 > /proc/sys/net/ipv4/conf/eth1/proxy_arp), you might
be able to get the phone to work (if the phone doesn't depend on
broadcast for anything except DHCP).

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
