OK, I've got a few private subnets, 192.168.1, 192.168.2, and 192.168.6. Each subnet is a branch office. They're all connected by IPsec/VPN. At the 192.168.2 location (headquarters), there is a Nortel VPN appliance and a FreeBSD VPN server. 192.168.6 connects to headquarters via the FreeBSD VPN (there is also a FreeBSD box on the other end at the 192.168.6 branch office). At the 192.168.1 office, there is a smaller Nortel VPN box that connects to HQ's bigger and badder Nortel box. So here's what it looks like (sorry, my ASCII art sucks!)
|192.168.6.0|FreeBSD VPN|---(tunnel)---|FreeBSD VPN|192.168.2.0|Nortel 600|----(tunnel)--|Nortel 100|192.168.1.0|
So 192.168.2 and 192.168.1 are fully connected. Applications work through the tunnel and all is happy. All routes between these two work fine.
192.168.6, however, has routing problems to the other two networks... computers on this subnet know how to get to 192.168.2, but computers on 192.168.1-2 don't know how to get back to 6. So, if I traceroute from 6.0 to 1.0 or 2.0, I can see the packets tracing all the way up till the internal interface of the 192.168.2 FreeBSD router. The computer getting traced in the 2.0 network just simply can't find a route back to 6.0. If I traceroute from anything on 2.0 to 6.0, it tries going out the default gateway (Nortel 600) and out into the internet.
If I change the default gateway of computers on 2.0, they can find their way to the 6.0 network... but can no longer get to 1.0. I will want to change the default gateway soon anyway, just because the Nortel isn't as beefed up as the FreeBSD box.
So, to solve this, do I simply change the default gateway of 2.0 to the FreeBSD box (which can communicate with 6.0) and then set up a route on the FreeBSD box to the 1.0 network? And then set up a route on the Nortel 100 in the 1.0 network to the 6.0? The route on the FreeBSD box being something like this: get to the 1.0 network via the Nortel 600. And on the Nortel 100: get to the 6.0 network via the FreeBSD box?
Routes always get me confused for some reason. Thanks.
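The asymmetry described in the post (packets from 6.0 arrive at 2.0, but the reply leaves via the Nortel 600's default route) is a routing-table problem, so it can be checked on paper before touching the routers. The following is an added simulation, not code from the post or from any vendor: it models each box's routing table with longest-prefix matching and tests reachability in both directions, for the tables as described and for the poster's proposed static routes. Host and router addresses are constructed assumptions; the post gives only the subnets. It also shows that the plan needs one extra route the question does not mention: the Nortel 600 sits between the Nortel 100 and the FreeBSD box, so it too must know that 6.0 is reached via the FreeBSD box.

```python
from ipaddress import ip_address, ip_network

# Constructed model of the three sites; router/host addresses are assumptions
# (the post names only the subnets). "LOCAL": node delivers onto the destination
# subnet. "INTERNET": the default route leaves the VPN, a drop for 192.168.x.
N1, N2, N6, ANY = (ip_network(n) for n in
                   ("192.168.1.0/24", "192.168.2.0/24", "192.168.6.0/24", "0.0.0.0/0"))
HOSTS = {"host1": "192.168.1.50", "host2": "192.168.2.50", "host6": "192.168.6.50"}

BEFORE = {
    "host6":     [(N6, "LOCAL"), (ANY, "freebsd6")],
    "freebsd6":  [(N6, "LOCAL"), (ANY, "freebsd2")],        # tunnel is the branch default
    "freebsd2":  [(N2, "LOCAL"), (N6, "freebsd6"), (ANY, "nortel600")],
    "host2":     [(N2, "LOCAL"), (ANY, "nortel600")],       # default gateway = Nortel 600
    "nortel600": [(N2, "LOCAL"), (N1, "nortel100"), (ANY, "INTERNET")],
    "nortel100": [(N1, "LOCAL"), (N2, "nortel600"), (ANY, "INTERNET")],
    "host1":     [(N1, "LOCAL"), (ANY, "nortel100")],
}

def lookup(table, dst):
    """Longest-prefix match, as a real kernel routing table does it."""
    matches = [(net, nh) for net, nh in table if ip_address(dst) in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def forward(tables, src, dst, ttl=16):
    """Follow next hops from node src toward address dst; returns the path taken."""
    node, path = src, [src]
    for _ in range(ttl):
        nh = lookup(tables[node], dst)
        if nh in ("LOCAL", "INTERNET"):
            return path + ["DELIVERED" if nh == "LOCAL" else "DROPPED"]
        node = nh
        path.append(node)
    return path + ["LOOP"]

def reachable(tables, a, b):
    """Two-way check: a routing fix is only complete when the reply path works too."""
    return (forward(tables, a, HOSTS[b])[-1] == "DELIVERED"
            and forward(tables, b, HOSTS[a])[-1] == "DELIVERED")

def apply_fix(tables, nortel600_knows_6=True):
    """The poster's plan, plus the hop it omits: the Nortel 600 also needs a 6.0 route."""
    fixed = {n: list(t) for n, t in tables.items()}
    fixed["host2"] = [(N2, "LOCAL"), (ANY, "freebsd2")]       # new default gateway
    fixed["freebsd2"].insert(0, (N1, "nortel600"))             # 1.0 via Nortel 600
    fixed["nortel100"].insert(0, (N6, "nortel600"))            # 6.0 via the tunnel to HQ
    if nortel600_knows_6:
        fixed["nortel600"].insert(0, (N6, "freebsd2"))         # 6.0 via the FreeBSD box
    return fixed
```

`forward(BEFORE, "host2", HOSTS["host6"])` reproduces the symptom in the post (the packet goes to the Nortel 600 and is dropped), and `apply_fix(BEFORE, nortel600_knows_6=False)` shows that without the extra route on the Nortel 600, 1.0 and 6.0 still cannot reach each other.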
