VPN and routing

David Gillett dgillett at NIKU.COM
Wed Feb 21 18:18:46 EST 2001


  Whether this applies to you or not will depend on your situation, but in
our case the RSM on our core switch doesn't need to do much, so we've made
it a kind of "master router" for the site.  Client machines all point to it
as their default gateway, and then it (alone) knows about the various
outbound gateways to different networks.

  In your case, you have two gateways, one of which handles the other
private network and the other of which (the proxy) handles "everything
else".  You probably already have your clients' default gateway pointing to
the proxy, so the *obvious* approach is going to be to add a route on it
specifying that traffic to the remote private network should be sent to the
VPN box.
  Unfortunately, the PROXY may not allow you to do that (and get the results
you want); I'm pretty sure, for instance, that MS Proxy 2.0 would not.
(You'd need "IP Forwarding" enabled for it to act as a router, and MS Proxy
requires you *disable* that.)
  There's a chance that FreeSwan introduces a similar limitation on the
Linux box -- I'm not sufficiently familiar with that product to say.

  So you may be ready for a "master router" approach after all.

David Gillett
Senior Network Engineer
(650) 701-2702
Niku Corp. "Transforming the Service Economy"



-----Original Message-----
From: VPN Mailing List [mailto:VPN at SECURITYFOCUS.COM]On Behalf Of James
Baumgardner
Sent: Thursday, February 15, 2001 10:06 AM
To: VPN at SECURITYFOCUS.COM
Subject: VPN and routing


I have a proxy server on our internal network that allows access to the
outside world.  I also have set up a VPN box using Linux/FreeSwan.  I want
all traffic routed to the other private network to go thru the VPN box, so
do I add this routing entry to the PROXY, or do I make it the default
gateway?  What is the ideal solution?

VPN is sponsored by SecurityFocus.COM
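
An added example, not part of either post: a small Python model of the two layouts discussed in this thread, tracing a packet bound for the remote private network when clients default to the proxy (forwarding disabled, as the reply says MS Proxy requires) and when they default to a "master router". All addresses, node names and the `build`/`trace` helpers are constructed for illustration.

```python
import ipaddress

# Constructed addressing (assumption, not from the thread).
LAN, REMOTE = "10.1.0.0/24", "10.2.0.0/24"
CLIENT, ROUTER, PROXY, VPN_BOX = "10.1.0.50", "10.1.0.1", "10.1.0.2", "10.1.0.3"

def next_hop(routes, dst):
    """Longest-prefix match. Returns the gateway, or None if dst is on-link."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), gw) for p, gw in routes.items()
            if addr in ipaddress.ip_network(p)]
    if not hits:
        raise LookupError("no route to " + dst)
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def build(client_gw, proxy_has_route):
    """Hypothetical site model: each node has a route table and a forwarding flag."""
    proxy_routes = {LAN: None}
    if proxy_has_route:
        proxy_routes[REMOTE] = VPN_BOX
    return {
        CLIENT: {"forward": False, "routes": {LAN: None, "0.0.0.0/0": client_gw}},
        # IP forwarding off, as the reply says MS Proxy requires.
        PROXY: {"forward": False, "routes": proxy_routes},
        ROUTER: {"forward": True, "routes": {LAN: None, REMOTE: VPN_BOX}},
        VPN_BOX: {"forward": True, "routes": {LAN: None, REMOTE: "tunnel"}},
    }

def trace(nodes, src, dst, max_hops=8):
    """Follow a packet hop by hop; returns (path, outcome)."""
    path, here = [src], src
    for _ in range(max_hops):
        node = nodes[here]
        if here != src and not node["forward"]:
            return path, "dropped"      # transit host that will not route
        try:
            gw = next_hop(node["routes"], dst)
        except LookupError:
            return path, "no route"
        if gw is None:
            return path, "on-link"      # delivered directly on the LAN
        if gw == "tunnel":
            return path, "tunnel"       # handed to the VPN
        path.append(gw)
        here = gw
    return path, "loop"

if __name__ == "__main__":
    print(trace(build(PROXY, True), CLIENT, "10.2.0.9"))
    print(trace(build(ROUTER, False), CLIENT, "10.2.0.9"))
    print(trace(build(ROUTER, False), CLIENT, PROXY))
```

In this model the proxy stays reachable on-link for proxied traffic, so moving the clients' default gateway to the router changes only where routed packets go.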
