Re: 3 VPNs, 3 networks, 2 subnets
From: tony sarendal (dualcyclone gmail.com)
Date: Thu Oct 13 2005 - 01:28:36 CDT
On 13/10/05, Chris Cameron <chris upnix.com> wrote:
> I'm trying to do something I'm pretty sure I recall reading couldn't be
> done. Although I wasn't able to find any information this last time around.
>
> We're going to be temporarily splitting our data centre, but still want
> both data centre halves connected to our office through our VPN. Everyone
> needs to maintain the same subnet as we have software that is licensed
> based on the subnet it is on.
>
> So:
>
> 192.168.120.x <-> 192.168.121.x <-> 192.168.120.x
>
> I don't care if the two .120's can talk to one another, I just need to
> be able to talk to both .120's from the .121
>
> Now, some cursory poking around, using a local ID type of
> IPV4_ADDR_SUBNET is no good. Using IPV4_ADDR isn't working for me, as
> the .121 firewall (understandably) doesn't know to route the internal
> traffic that way.
>
>
> So, immediate question would be, would there be a way to add routing
> table entries for the specific IPs I want going to the second .120
> network? I understand how arp requests work, but obviously not how an
> arp proxy works, as I wasn't able to fix "network unreachable" errors.
>
>
> If that's a no go, is this even possible? At all? I'm willing to do
> bizarre things. The other thought I've had is to have a .130 subnet on a
> vlan and the second .120 on another vlan, and then just translate packets.
>
>
Set up IPIP (gif) tunnels between the firewalls, encrypt them if you want to,
add the statics you wish on the main site pointing at the other end of the
tunnel where you want it to go.
/Tony
--
Tony Sarendal - dualcyclone gmail.com
IP/Unix
-= The scorpion replied,
"I couldn't help it, it's my nature" =-
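Added example, not part of the original post: a dry-run shell script that prints the commands the reply describes for the office (.121) firewall and for one data-centre half, assuming OpenBSD-style `ifconfig` and `route` syntax. The public addresses (documentation ranges), the 10.255.x.x inner tunnel addresses and the host IPs are constructed, and sending the whole /24 to the first half with host routes for the second is an assumption.

```shell
#!/bin/sh
# Dry run: prints the commands instead of executing them.
# Constructed values: public IPs, 10.255.x.x inner addresses, host IPs.
OFFICE_PUB=203.0.113.1
DC_A_PUB=198.51.100.10
DC_B_PUB=198.51.100.20

# gif_tunnel IFACE LOCAL_PUB REMOTE_PUB LOCAL_INNER REMOTE_INNER
gif_tunnel() {
    echo "ifconfig $1 create"
    echo "ifconfig $1 tunnel $2 $3"
    echo "ifconfig $1 inet $4 $5 netmask 255.255.255.255 up"
}

# host_routes GATEWAY IP...  (one static host route per address)
host_routes() {
    gw=$1; shift
    for ip in "$@"; do
        echo "route add -host $ip $gw"
    done
}

# Office (.121) firewall: one tunnel per data-centre half.
office_config() {
    gif_tunnel gif0 "$OFFICE_PUB" "$DC_A_PUB" 10.255.0.1 10.255.0.2
    gif_tunnel gif1 "$OFFICE_PUB" "$DC_B_PUB" 10.255.1.1 10.255.1.2
    # Assumption: the /24 defaults to half A; the more specific host
    # routes below win for the machines that moved to half B.
    echo "route add -inet 192.168.120.0/24 10.255.0.2"
    host_routes 10.255.1.2 192.168.120.50 192.168.120.51
}

# dc_config DC_PUB DC_INNER OFFICE_INNER: the far end of one tunnel.
# Replies to the office must return through the tunnel as well.
dc_config() {
    gif_tunnel gif0 "$1" "$OFFICE_PUB" "$2" "$3"
    echo "route add -inet 192.168.121.0/24 $3"
}

echo "# office firewall"; office_config
echo "# half B firewall"; dc_config "$DC_B_PUB" 10.255.1.2 10.255.1.1
```

The gif encapsulation itself is plain IP-in-IP between the public addresses, so the optional encryption the reply mentions has to be applied to that outer traffic.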