[ale] VPN's

Steve Tynor tynor at outside.atlanta.twr.com
Tue May 25 12:49:21 EDT 1999


Gary Maltzen wrote:

| First off, I'd suggest using different subnets at each office so that you
| don't have to route EVERY packet across the VPN...
| 
|  Atlanta (10.0.1.*) intranet
|    10.0.2.* - routed to 10.0.1.1
|    10.0.3.* - routed to 10.0.1.1
|    10.0.1.1 - Firewall/Gateway
|      10.0.2.* - routed to Austin F/G via VPN
|      10.0.3.* - routed to Canadian F/G via VPN
| 
|  Austin (10.0.2.*) intranet
|    10.0.1.* - routed to 10.0.2.1
|    10.0.3.* - routed to 10.0.2.1
|    10.0.2.1 - Firewall/Gateway
|      10.0.1.* - routed to Atlanta F/G via VPN
|      10.0.3.* - routed to Canadian F/G via VPN
| 
|  Canada (10.0.3.*) intranet
|    10.0.1.* - routed to 10.0.3.1
|    10.0.2.* - routed to 10.0.3.1
|    10.0.3.1 - Firewall/Gateway
|      10.0.1.* - routed to Atlanta F/G via VPN
|      10.0.2.* - routed to Austin F/G via VPN

This is exactly what we do (and your guess even happens to match the
subnet numbers we are using on each subnet :-)).

Only traffic destined from one subnet to the other gets routed through
the tunnel.  That's all happening correctly.  The problem is that the
tunnel itself (10.0.1<->1.0.2) is unreliable.

Steve
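
The routing plan quoted above, modelled as an added example that is not part of the original thread or either poster's configuration. It assumes /24 masks for the `10.0.N.*` ranges and an "internet" default route on each gateway; the function names and the `vpn:<office>` labels are hypothetical.

```python
import ipaddress

# Site plan from the quoted message: office -> (subnet, firewall/gateway address).
SITES = {
    "Atlanta": ("10.0.1.0/24", "10.0.1.1"),
    "Austin": ("10.0.2.0/24", "10.0.2.1"),
    "Canada": ("10.0.3.0/24", "10.0.3.1"),
}

def overlapping_sites(sites):
    """Return pairs of offices whose subnets overlap and so cannot be routed apart."""
    nets = [(name, ipaddress.ip_network(cidr)) for name, (cidr, _) in sites.items()]
    return [(a, b) for i, (a, na) in enumerate(nets)
            for b, nb in nets[i + 1:] if na.overlaps(nb)]

def gateway_routes(sites, here):
    """Routing table for the firewall/gateway at office `here`."""
    routes = []
    for name, (cidr, _) in sites.items():
        action = "local" if name == here else f"vpn:{name}"
        routes.append((ipaddress.ip_network(cidr), action))
    # Assumption: anything outside the three offices leaves via a default route.
    routes.append((ipaddress.ip_network("0.0.0.0/0"), "internet"))
    return routes

def lookup(routes, dst):
    """Longest-prefix match over the table, as an IP router does."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, action) for net, action in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def path(sites, here, dst):
    """Where the gateway at `here` sends a packet for `dst`; rejects overlapping plans."""
    clashes = overlapping_sites(sites)
    if clashes:
        raise ValueError(f"offices share address space: {clashes}")
    return lookup(gateway_routes(sites, here), dst)

if __name__ == "__main__":
    for dst in ("10.0.1.20", "10.0.2.7", "10.0.3.9", "192.0.2.10"):  # constructed addresses
        print(f"Atlanta -> {dst}: {path(SITES, 'Atlanta', dst)}")
    # A plan where two offices reuse one subnet is refused before any lookup.
    bad = dict(SITES, Austin=("10.0.1.0/24", "10.0.1.1"))
    print("overlap in reused-subnet plan:", overlapping_sites(bad))
```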





