We have a hub and spoke network set up using a Pro 200 for the hub and
Tele3s for the spokes.  I have separate SAs defined on the PRO200 for each
spoke.  With the exception of two of the spokes, the Tele3 SAs to the hub are
set up to send all IP traffic over the VPN (no direct access to the
Internet) via the "Use this SA as default route for all Internet traffic"
radio button option.  In each of the spoke network SA definitions I have
the gateway set to the hub network gateway (192.168.1.1).

On the hub network the PRO200's IP address is 192.168.1.254 on a
192.158.1.x/255.255.255.0 network.  On this network, the Internet gateway is
a multihomed box running a proxy authorization software application for
Internet access on 192.168.1.1.  On this box I have a static route defined
for each of the spoke networks:

Network Destination        Netmask          Gateway       Interface  Metric
      192.168.3.0    255.255.255.0    192.168.1.254     192.168.1.1       1
      192.168.4.0    255.255.255.0    192.168.1.254     192.168.1.1       1

I have no problems on any of these spoke networks with access to any other
spoke network or with accessing the Internet through the proxy software.
_____________________________________________________________________
For the spoke networks (192.168.2.0 and 192.168.8.0) that do not access the
Internet through the hub network's proxy server, I have separate entries for
every other spoke network on the "Specify destination networks" radio button
option. (This is in the SA definition on the spoke networks Tele3)

On all of the SA's on the spoke Tele3's as well as on the Pro200 Hub SA
definitions, I have "Enable Windows Networking (NetBIOS) broadcast" checked.

On each of the SA definitions on the hub Pro200 I also have "Forward packets
to remote VPNs" checked.



I have no problems accessing any of the networks from any other networks.
The problem is that the log files on the two Tele3s on the two spoke
networks that do not use the hub network's gateway for Internet access, as
well as on the Pro200 on the hub network, are filling up with the
error shown below:

10/17/2003 12:39:35.544 -       IPSec packet from or to an illegal host -
Source:192.168.8.11 -   Destination:192.168.2.255 -     SPI:70D9F5DC - 

Please note that the two networks shown in the error log are the two
networks that do not use the hub network's gateway.

Any suggestions to fix this problem?

Scott R. Morgan
[EMAIL PROTECTED]
SUPERIOR RESTAURANT MANAGEMENT SERVICES
(512) 443-3979
(512) 416-9621 (Fax)

USPA A-29450
Only a skydiver knows why the birds sing....
They don't have to repack a parachute every time they land!!!
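
A triage aid for the log entries quoted in the message above, added here as an example and not part of the original post or of any SonicWALL tooling: it parses the "illegal host" lines (including ones wrapped by a mail client), groups them by source and destination network, and marks whether the destination is the subnet broadcast address. The /24 prefix for the spoke networks and the second and third sample entries are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: first entry is the one quoted in the message; the other
# two are made up. Lines are wrapped the way the mail client wrapped them.
SAMPLE_LOG = """\
10/17/2003 12:39:35.544 -       IPSec packet from or to an illegal host -
Source:192.168.8.11 -   Destination:192.168.2.255 -     SPI:70D9F5DC -
10/17/2003 12:39:41.102 -       IPSec packet from or to an illegal host -
Source:192.168.2.20 -   Destination:192.168.8.255 -     SPI:0A1B2C3D -
10/17/2003 12:40:02.310 -       IPSec packet from or to an illegal host -
Source:192.168.8.11 -   Destination:192.168.2.15 -      SPI:70D9F5DC -
"""

ENTRY = re.compile(
    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{3})\s+-\s+"
    r"IPSec packet from or to an illegal host\s+-\s+"
    r"Source:(?P<src>[\d.]+)\s+-\s+Destination:(?P<dst>[\d.]+)\s+-\s+"
    r"SPI:(?P<spi>[0-9A-Fa-f]+)"
)

def parse(log_text, prefix=24):
    """Yield one dict per 'illegal host' entry, tolerating wrapped lines."""
    flat = " ".join(log_text.split())  # undo line wrapping and tab runs
    for m in ENTRY.finditer(flat):
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        # prefix is an assumption: the message does not state the spoke masks
        src_net = ipaddress.ip_network(f"{src}/{prefix}", strict=False)
        dst_net = ipaddress.ip_network(f"{dst}/{prefix}", strict=False)
        yield {
            "ts": m["ts"], "spi": m["spi"].upper(),
            "src_net": str(src_net), "dst_net": str(dst_net),
            "broadcast": dst == dst_net.broadcast_address,
        }

def summarize(log_text, prefix=24):
    """Count entries per (source net, destination net, is-broadcast)."""
    return Counter((e["src_net"], e["dst_net"], e["broadcast"])
                   for e in parse(log_text, prefix))

if __name__ == "__main__":
    for (src, dst, bcast), n in summarize(SAMPLE_LOG).items():
        kind = "subnet broadcast" if bcast else "unicast"
        print(f"{n:4d}  {src} -> {dst}  ({kind})")
```

Running it over an exported log shows whether every logged packet is a broadcast between the two spoke networks or whether unicast traffic is also being rejected.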