[vpn] VPN tunnel cascading

Travis Watson rtwatson at qwest.net
Tue Mar 12 09:02:30 EST 2002



I agree.  Jerry Roy explained it pretty well.  Just one note for the
practical side of things: make sure that you (or whoever is doing
this) have access to as many of the routers as possible.  Trying to
have two or three (or more) admins/groups work on this would be a
pain.  It would be best if one person/group could just do it all.

Also, as an editorial, we had a setup similar to this and ended up
simplifying it (bypassed one of the Ciscos).  Though it did "work"
originally, it was a huge hassle to have any configuration changes
done because multiple groups were involved and it was hard to know
what the other side was doing.  It generated mistrust and a bad
working relationship.  So, if you have to do it like this, go ahead,
but try to have exclusive control to avoid finger-pointing.

Regards,

Travis



-----Original Message-----
From: Christopher Gripp [mailto:cgripp at axcelerant.com]
Sent: Monday, March 11, 2002 2:26 PM
To: Laux, Kurt; Travis Watson
Cc: vpn at securityfocus.com
Subject: RE: [vpn] VPN tunnel cascading


See Jerry Roy's response.  He explained it pretty well for Cisco IOS.





Christopher Gripp
Systems Engineer
Axcelerant

"Impartiality is a pompous name for indifference, which is an elegant
name for ignorance."  G.K. Chesterton

> -----Original Message-----
> From: Laux, Kurt [mailto:Kurt.Laux at schweickert.de]
> Sent: Monday, March 11, 2002 8:44 AM
> To: 'Travis Watson'
> Cc: 'vpn at securityfocus.com'
> Subject: AW: [vpn] VPN tunnel cascading
>
>
> Hi,
>
> We use an IPsec 3DES VPN connection.
> Both tunnels are established (one from location A to central location;
> one from location B to central location).
> Location A uses a Cisco 1720 VPN Bundle router.
> Central location uses a Cisco PIX 515UR firewall.
> Location B uses a Cisco PIX 506 firewall.
>
> We would like to connect to a Node B (located in location B) from
> location A over VPN.
>
> Net location A: 192.30.16.0/24
> Net location B: 192.30.10.0/24
> Net central location: 192.30.0.0/24
>
> Regards
> Kurt
>
> > -----Original Message-----
> > From: Travis Watson [mailto:rtwatson at qwest.net]
> > Sent: Saturday, March 9, 2002 02:11
> > To: Laux, Kurt
> > Cc: vpn at securityfocus.com
> > Subject: RE: [vpn] VPN tunnel cascading
> >
> >
> > What is the protocol?  (And why would you want to do it?)
> >
> > --Travis
> >
> > -----Original Message-----
> > From: Laux, Kurt [mailto:Kurt.Laux at schweickert.de]
> > Sent: Friday, March 08, 2002 3:26 AM
> > To: 'vpn at securityfocus.com'
> > Subject: [vpn] VPN tunnel cascading
> >
> >
> > Hi,
> >
> > I would like to reach Node B over two VPN tunnels. Is that possible?
> >
> >  Node A -----> Firewall ====(VPN)====> Firewall ====(VPN)====> Firewall -----> Node B
> >
> > Regards
> >
> > Kurt Laux
> >
> >
> >
>
> VPN is sponsored by SecurityFocus.com
>
>


