On Jul 16, 2007, at 12:10 PM, Chris Buechler wrote:
> David Wadson wrote:
>> It's probably possible - but will require control of all the
>> endpoints and some static routing.
>>
>> Endpoint at site B will need to know the route to site C (through
>> site A's gateway).
>>
>> Site C will need a static route for the traffic to flow back to site
>> B (through site A). If you can't do that, then in all likelihood the
>> replies will go out site C's default gateway and be lost.
>
> Static routes with VPN don't work. The traffic has to match the SPD to
> traverse an IPsec connection, which means it needs to have a source
> and destination matching an existing connection. Routes don't change
> the source or destination and hence can't force traffic over the VPN.
>
> I'm not aware of any way to do what the original poster was asking
> with IPsec.

I could have sworn I had done this before...granted it would have been
with Linux, Shorewall, and StrongSwan. Haven't had time to actually try
it again since switching to pfSense.
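
The SPD matching discussed in the quoted reply can be modelled as a lookup on source and destination selectors at each gateway. This is an added example, not part of the original thread and not pfSense or StrongSwan code; the subnets, tunnel names and the `WIDENED` policy set are constructed assumptions that show which selector pairs a packet between site B and site C would have to match.

```python
import ipaddress
from typing import NamedTuple, Optional

class Policy(NamedTuple):
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    tunnel: str

def policy(src: str, dst: str, tunnel: str) -> Policy:
    return Policy(ipaddress.ip_network(src), ipaddress.ip_network(dst), tunnel)

def spd_lookup(spd, src: str, dst: str) -> Optional[str]:
    """Return the tunnel whose selectors cover (src, dst), or None.
    Routing tables play no part: only the packet's addresses are compared."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in spd:
        if s in p.src and d in p.dst:
            return p.tunnel
    return None

def path(spds, src: str, dst: str, hops):
    """Evaluate the same packet against the outbound SPD of each gateway in turn."""
    return [(gw, spd_lookup(spds[gw], src, dst)) for gw in hops]

# Constructed addressing: site A is the hub, B and C each have one tunnel to A.
A, B, C = "10.1.0.0/24", "10.2.0.0/24", "10.3.0.0/24"

# One selector pair per tunnel, local subnet <-> remote subnet only.
BASELINE = {
    "B": [policy(B, A, "B-A")],
    "A": [policy(A, B, "B-A"), policy(A, C, "A-C")],
    "C": [policy(C, A, "A-C")],
}

# Hypothetical policy set in which each tunnel also carries a B <-> C pair.
WIDENED = {
    "B": BASELINE["B"] + [policy(B, C, "B-A")],
    "A": BASELINE["A"] + [policy(C, B, "B-A"), policy(B, C, "A-C")],
    "C": BASELINE["C"] + [policy(C, B, "A-C")],
}

if __name__ == "__main__":
    for name, spds in (("baseline", BASELINE), ("widened", WIDENED)):
        print(name, "B->C", path(spds, "10.2.0.10", "10.3.0.20", ["B", "A"]))
        print(name, "C->B", path(spds, "10.3.0.20", "10.2.0.10", ["C", "A"]))
```

In the baseline set the B-to-C packet matches no policy at either gateway whatever the routing table says, so it is never handed to IPsec; it matches only once a selector pair covering both subnets exists on every hop, in both directions.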