Posted by Mark Alexander Bertenshaw on June 6, 2005, 10:55 am
"Mike Drechsler - SPAM PROTECTED EMAIL"
> Mark Alexander Bertenshaw wrote:
> > Hi -
> >
> > My network is accessible via a VPN tunnel via Netscreen Remote 8.3 to a
> > Netscreen 5GT. The trust interface is 192.168.0.1. Connections to
> > 192.168.0.0/24 hosts from my users' remote PCs work fine. However, we have
> > a 10.0.0.0/24 network whose gateway is at 192.168.0.2. Unfortunately, there
> > seems to be no way to tell Windows 2000 to route packets to 10.0.0.0/24 via
> > 192.168.0.1, because the "deterministic network enhancer" which is used by
> > the Netscreen Remote software is under the radar of basic Windows 2000
> > TCP/IP. That is, "route ADD 10.0.0.0 MASK 255.255.255.0 192.168.0.2 METRIC
> > 1 IF 0x2" does not work, because not unreasonably, there is no official
> > route to the 192.168.0.0/24 subnet.
> >
> > Does anybody know whether it is possible to hack this so 10.0.0.0/24 packets
> > are sent down the invisible VPN interface? Looking at the Netscreen Remote
> > software, there doesn't appear to be any way to add this, short of creating
> > a completely separate tunnel for this interface (I imagine that I would have
> > to bind a 10.0.0.x address to a new VPN gateway, somehow).
> >
> > Any ideas?
> >
> > --
> > Mark Bertenshaw
> > Kingston upon Thames
> > UK
>
> You need to add another subnet to the existing tunnel or if your user
> interface only allows a single local and a single remote subnet when
> defining a tunnel then you will need to create a second tunnel to the
> same endpoint.
That's what I thought. All rather annoying.
--
Mark