[VPN] VPN3k LAN-to-LAN connection
Siddhartha Jain
losttoy2000 at yahoo.co.uk
Sat May 24 03:32:41 EDT 2003
Okie, here is how, briefly, VPN tunnel is established.
The terminology might be different depending on your
product but the mechanism is the same.
vpn3kA has
-> an access-list matching traffic flowing from SiteA
to SiteB.
-> a IPSec policy for this access-list.
-> a peer (vpn3kB here) set for this access-list/IPSec
policy.
-> a default route to the internet if vpn3kB is on the
internet somewhere or generally route to the network
to which vpn3kB belongs.
The same goes for vpn3kB.
On vpn3kA, you should have a route that says:
All packets destined for vpn3kB should be sent to
router. And you should be able to ping vpn3kB whether
there is a IPSec tunnel or not.
Same for vpn3kB.
On a PC in site-A, you will have to specify the
gateway as vpn3kA for packets destined for Site-B
network.
If you need to add a route on vpn3kA for packets
destined to site-B as next-hop-router then this
probably means you are simply doing routing and no
IPSec tunnel is coming up. :)
- kazuki kamiya <kazuki.kamiya at uniadex.co.jp> wrote: >
> I want to know cisco vpn3k LAN-to-LAN VPN.
> Sould I add routing entry of SiteB to vpn3kA?
>
> vpn3kA routing table
> ###################################
> destination next hop
> SiteB router
> ###################################
>
>
SiteA-----vpn3kA------router-------VPN3kB--------SiteB
>
> If I don't add routing entry of siteB to VPN3kA,
> I can not ping to SiteB from SiteA
> (I can ping to vpn3kB from vpn3kA)
>
> If I add routing entry of siteB to VPN3kA,
> I can ping to SiteB from SiteA
>
> I think it strang.
>
>
>
> _______________________________________________
> VPN mailing list
> VPN at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/vpn
__________________________________________________
It's Samaritans' Week. Help Samaritans help others.
Call 08709 000032 to give or donate online now at http://www.samaritans.org/support/donations.shtm
More information about the VPN
mailing list