[ale] VPN's
Steve Tynor
tynor at outside.atlanta.twr.com
Tue May 25 12:49:21 EDT 1999
Gary Maltzen wrote:
| First off, I'd suggest using different subnets at each office so that you
| don't have to route EVERY packet across the VPN...
|
| Atlanta (10.0.1.*) intranet
| 10.0.2.* - routed to 10.0.1.1
| 10.0.3.* - routed to 10.0.1.1
| 10.0.1.1 - Firewall/Gateway
| 10.0.2.* - routed to Austin F/G via VPN
| 10.0.3.* - routed to Canadian F/G via VPN
|
| Austin (10.0.2.*) intranet
| 10.0.1.* - routed to 10.0.2.1
| 10.0.3.* - routed to 10.0.2.1
| 10.0.2.1 - Firewall/Gateway
| 10.0.1.* - routed to Atlanta F/G via VPN
| 10.0.3.* - routed to Canadian F/G via VPN
|
| Canada (10.0.3.*) intranet
| 10.0.1.* - routed to 10.0.3.1
| 10.0.2.* - routed to 10.0.3.1
| 10.0.3.1 - Firewall/Gateway
| 10.0.1.* - routed to Atlanta F/G via VPN
| 10.0.2.* - routed to Austin F/G via VPN

This is exactly what we do (and your guess even happens to match the
subnet numbers we are using on each subnet :-)).

Only traffic destined from one subnet to the other gets routed through
the tunnel. That's all happening correctly. The problem is that the
tunnel itself (10.0.1<->1.0.2) is unreliable.

Steve