VPN

Christopher Gripp cgripp at axcelerant.com
Thu Jul 5 13:10:12 EDT 2001


Sounds like you are talking about tunnel cascading.  You can think of
tunnel cascading as transitive trusts if you're familiar with Microsoft
lingo (e.g. A=>B, B=>C, therefore A=>C).  Without cascading, a lot of
routes have to be built.

It all depends on what VPN you are using.  On some, like the RedCreek
and Netscreen, it is an option you can turn on or off and the central VPN
equipment routes it internally.

On others you would have to add the routes on A, B and C.  The central
VPN (B) will unencrypt the source packets from (A) and send them to a
router that also needs to have the routes built out for all the
networks; that router will send them back to the central VPN (B), which
will reencrypt them and send them to the destination.  So essentially, all
parties involved have to know about ALL networks involved if 'tunnel
cascading' isn't an option on the VPN box itself.


Christopher S. Gripp
Systems Engineer
Axcelerant

-----Original Message-----
From: Louella Santimano [mailto:l_santimano at yahoo.com]
Sent: Wednesday, July 04, 2001 12:39 AM
To: vpn at securityfocus.com
Subject: VPN



How do I configure a machine from Network A to go to
Network C using an IP address of Network B?
Network B has VPNs set up to both Network A and
Network C. What are the required routes and NAT rules?


VPN is sponsored by SecurityFocus.com
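
The routing requirement described in the reply above (without tunnel cascading, A, B and C must each hold routes for all networks), modelled as an added example that is not part of the original messages. The subnets, site names and function names are constructed for illustration, and the separate router behind B is folded into gateway B.

```python
import ipaddress

# Constructed example addressing; none of these values come from the thread.
NETS = {"A": "10.1.0.0/24", "B": "10.2.0.0/24", "C": "10.3.0.0/24"}
TUNNELS = {("A", "B"), ("B", "C")}  # hub-and-spoke: no direct A<->C tunnel


def full_routes():
    """Routes each gateway needs when the hub does not cascade tunnels."""
    return {
        "A": {NETS["B"]: "B", NETS["C"]: "B"},   # A reaches C via hub B
        "B": {NETS["A"]: "A", NETS["C"]: "C"},
        "C": {NETS["A"]: "B", NETS["B"]: "B"},   # return path also via B
    }


def next_hop(site, dst, routes):
    """Longest-prefix match of dst in one gateway's table; None if no route."""
    addr = ipaddress.ip_address(dst)
    if addr in ipaddress.ip_network(NETS[site]):
        return "local"
    matches = [(ipaddress.ip_network(p), hop)
               for p, hop in routes.get(site, {}).items()
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def trace(src_site, dst, routes, max_hops=8):
    """Follow a packet gateway by gateway; returns (path, delivered)."""
    path, site = [src_site], src_site
    for _ in range(max_hops):
        hop = next_hop(site, dst, routes)
        if hop == "local":
            return path, True
        if hop is None or tuple(sorted((site, hop))) not in TUNNELS:
            return path, False  # no route, or next hop is not a tunnel peer
        path.append(hop)
        site = hop
    return path, False  # routing loop


def round_trip(a_host, c_host, routes):
    """Traffic works only if both the forward and the return path deliver."""
    return trace("A", c_host, routes)[1] and trace("C", a_host, routes)[1]
```

Deleting any single entry from `full_routes()` and re-running `round_trip` shows which direction breaks, which is a quick way to check a planned route set before touching the gateways.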