Posted by Uli Link on July 31, 2008, 6:49 am
tweety wrote:
>
> I am terminating a vpn client ( pool 10.10.10.0 /24 ) onto router A
> and allowing access to 192.168.100.0 /24 , this is router A's local
> lan. Router A also has a site to site VPN to router B. This is from
> net 192.168.100.0 /24 to 192.168.200.0 /24 This is as follows.....
>
> Remote Client 10.10.10.0 /24
> |
> |
> 192.168.100.0 /24>>Router A>><<Router B<<192.168.200.0 /24
>
> Is there any way that the remote client would be able to go down the
> Site to site VPN and see Router B's lan?
>
> I am looking for the remote clients to be able to access resources on
> Router B's lan.

On Router B there must be a route to 10.10.10.0/24 via the tunnel to
192.168.100.1 (or better, use the IP of the tunnel interface of Router A
facing Router B), so traffic from LAN B back to the VPN client
finds its way.

Perhaps you may consider making the tunnel between Router A and Router B
a GRE over IPsec tunnel instead of pure IPsec, which cannot use a routing
protocol. With the old crypto map syntax and static routes it is also
possible, but the config will soon become quite ugly.

Beware the execution order of NAT, firewall and IPsec encryption.
--
Uli
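
The Router B side of the GRE over IPsec setup suggested above, as an added example that is not part of the original post or taken from either poster's routers. It assumes Cisco IOS; the peer addresses (203.0.113.1, 198.51.100.1), the 172.16.0.0/30 tunnel subnet, the object names and the pre-shared key are constructed placeholders, and only the three subnets from the thread are real.

```cisco
! Router B - constructed sketch, placeholders as noted in the lead-in
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
! Placeholder key and Router A public address
crypto isakmp key REPLACE_WITH_PSK address 203.0.113.1
!
! Transport mode: GRE already provides the outer IP header
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha-hmac
 mode transport
!
crypto ipsec profile GRE-PROT
 set transform-set GRE-TS
!
interface Tunnel0
 description GRE over IPsec to Router A
 ip address 172.16.0.2 255.255.255.252
 tunnel source 198.51.100.1
 tunnel destination 203.0.113.1
 tunnel protection ipsec profile GRE-PROT
!
! Router A's LAN via Router A's tunnel interface address
ip route 192.168.100.0 255.255.255.0 172.16.0.1
! Return route for the VPN client pool terminated on Router A.
! Without it, replies from 192.168.200.0/24 to 10.10.10.x follow
! Router B's default route instead of the encrypted tunnel.
ip route 10.10.10.0 255.255.255.0 172.16.0.1
```

Router A needs the mirror-image tunnel and a route to 192.168.200.0/24 via 172.16.0.2. If the VPN clients use split tunneling, 192.168.200.0/24 also has to be in the networks pushed to the client.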