[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: redirecting packets to a vpn tunnel



Wolfgang Pichler wrote:
> Our own internal net is 172.16.0.0/24 - i'd now like my firewall to
> redirect packets coming from 172.16.0.0/24 with destination address
> 10.0.43.0/24 to go over the vpn tunnel.
Assuming you've configured your tunnel(s) correctly, both firewalls
should have routes to the corresponding side; i.e. your firewall will
have a static route for the 10.0.43.0/24 network and packets from your
LAN should automatically go across. For example, a "netstat -rnf encap"
on my office firewall shows:
[email protected] ~> netstat -rnf encap
Routing tables
Encap:
Source             Port  Destination        Port  Proto
SA(Address/Proto/Type/Direction)
130.57.44.64/27     0     192.168.168.30/32  0     0
206.14.107.83/50/use/in
130.57.44.64/27     0     192.168.168.32/32  0     0
208.16.27.92/50/use/in
130.57.44.64/27     0     192.168.168.50/32  0     0
208.16.27.92/50/use/in
130.57.44.64/27     0     192.168.169.2/32   0     0
208.16.27.92/50/use/in
--snip--
The boxes at 192.168.168.30/.32/.50 and 192.168.169.2 reach the
130.57.44.64/27 network over the VPN tunnel. Check out your SAs and see
what flows you actually have configured.
cheers,
Sean