[c-nsp] VPN Concentrator routing

Bruce Pinsky bep at whack.org
Tue Nov 16 18:39:26 EST 2004


Brian Feeny wrote:
|
| It looks like on the VPN 3000, you can Override the Tunnel Default
| Gateway, to support hairpinning (back out the same interface it was
| received) traffic for remote VPNs.
|
| Something tells me the linksys, netgears, etc type devices probably
| only let you configure one "remote vpn network", and won't allow static
| routes to work over the VPN.  I mean I will try it, but I am skeptical
| if you can have multiple networks "reachable" over a vpn on a small cpe
| like linksys/netgear etc.
|
| I think if I can get the remote to send the traffic to the vpn3000
| tunnel, then the vpn3000 can deal with it by using the "override tunnel
| default gateway" functionality, so that it uses its own RIB to direct
| traffic.
|
| If anyone has done this, multiple remote networks off a linksys/netgear
| going thru a vpn3000, please let me know.
|

Can't speak for the Linksys or Netgear equipment you are using.  My
Netscreen was able to point to multiple routes over the same tunnel so it
essentially thought everything was at the hub location.  Presumably, the
3000 could have done something at that point to forward out a different
egress tunnel to a different remote location and my Netscreen would have
been none the wiser.

--
=========
bep


