Re: IPSec tunnel problem

From: Alexey Vatchenko (avbsdua.org)
Date: Sat Mar 01 2008 - 10:21:22 CST


Markus Wernig wrote:
>> It's because of:
>> ike passive esp from 192.168.0.0/24 to any local egress dstid
>> avbsdua.org psk xxx
>
> Yes, it's because of that. But I'm convinced that you don't need that at
> all.
> From what I understand, you just need to give access from some remote
> network(s) to your office net. Please correct me if you are trying to
> achieve something else.

No, I'm trying to connect HOME_GATEWAY to office network. I don't want
to connect home network to office network.

> Again (see last post):
>
> Home gateway:
> ike dynamic esp from HOME_NET to 192.168.0.0/24 peer OFFICE_EXTERNAL_IP
> psk xxx
>
> Office gateway:
> ike passive esp from HOME_NET to 192.168.0.0/24 psk xxx
> (if you have more than one external networks, you can put "any" instead
> of "HOME_NET" or repeat the stanza for each network.)

Are you sure that the rule for the office gateway is correct? I think you
mean "from 192.168.0.0/24 to HOME_NET". And if I put "any" instead of
network addresses I will get that same issue: all outgoing traffic will
flow through my home gateway.

--
Alexey Vatchenko
http://www.bsdua.org
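To make the "all outgoing traffic will flow through my home gateway" effect concrete, here is a small added model of ipsec.conf flow selectors (this is illustration code, not anything from the thread or from OpenBSD). It models only the "from X to Y" part of an "ike ... esp" stanza as a pair of address ranges and checks which outbound office packets each selector would pull into the tunnel. The office net 192.168.0.0/24 is from the thread; the home gateway address, the sample packets and the function names are constructed for the example.

```python
"""Toy model of ipsec.conf flow selectors: which office packets get tunneled.

Added example; not code from the thread or from OpenBSD. Only the from/to
selector of an 'ike ... esp from A to B' stanza is modelled, nothing else
of IKE or IPsec policy handling.
"""
from ipaddress import ip_address, ip_network

OFFICE_NET = ip_network("192.168.0.0/24")     # office net quoted in the thread
HOME_GATEWAY = ip_address("203.0.113.5")      # constructed placeholder (TEST-NET-3)

# A flow is (local selector, remote selector), mirroring "from X to Y".
# Over-broad stanza quoted in the thread: "from 192.168.0.0/24 to any".
BROAD_FLOW = (OFFICE_NET, ip_network("0.0.0.0/0"))
# Narrow stanza: only office-net traffic to the home gateway host itself.
NARROW_FLOW = (OFFICE_NET, ip_network(f"{HOME_GATEWAY}/32"))


def matches(flow, src, dst):
    """True if an outbound packet src->dst is selected by this flow."""
    local, remote = flow
    return ip_address(src) in local and ip_address(dst) in remote


def tunneled_destinations(flow, packets):
    """Destinations among the sample packets that the flow would send into the tunnel."""
    return [dst for src, dst in packets if matches(flow, src, dst)]


def hijacked_egress(flow, packets):
    """Tunneled destinations that are not the intended peer, i.e. ordinary
    Internet traffic the selector pulls through the home gateway by mistake."""
    return [d for d in tunneled_destinations(flow, packets) if ip_address(d) != HOME_GATEWAY]


# Constructed sample of outbound office traffic: one packet to the home
# gateway and two to ordinary public hosts (documentation address ranges).
SAMPLE_PACKETS = [
    ("192.168.0.10", str(HOME_GATEWAY)),
    ("192.168.0.10", "198.51.100.7"),   # constructed public web server
    ("192.168.0.20", "192.0.2.53"),     # constructed public DNS resolver
]

if __name__ == "__main__":
    for name, flow in (("broad", BROAD_FLOW), ("narrow", NARROW_FLOW)):
        print(name, "tunnels:", tunneled_destinations(flow, SAMPLE_PACKETS),
              "| hijacked:", hijacked_egress(flow, SAMPLE_PACKETS))
```

Running it shows the broad selector tunnelling every sample packet, including the web and DNS traffic, while the /32 selector tunnels only the packet to the home gateway. The same check is worth running mentally against any "to any" flow on a gateway that also carries normal Internet egress: whatever matches the selector stops leaving by the default route.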