
   comp.dcom.vpn      VPN protocols, clients, awesomeness      2,348 messages   


   Message 1,035 of 2,348   
   Mike Drechsler - SPAM PROTECTED EMA to Tobias Crefeld   
   Re: Vpn Blues   
   09 Jun 04 09:53:22   
   
   From: mike.newsgroup@-DELETETHISPART-.upcraft.com   
      
   I do this all the time.  Let me add to what Tobias said and illustrate with an
   example of the remote branch location's configuration:
   Remote Tunnel Endpoint:            192.0.2.22 <- Public IP of W2K box   
   Remote Member Format...            Subnet   
   Remote Member Address:             192.168.0.0   
   Remote Member Mask:                255.255.0.0   
   Local Member Format...             Subnet   
   Local Member Address:              192.168.123.0   
   Local Member Mask:                 255.255.255.0   
   Address Translation Enabled:       No   
      
   So the subnet of the local side of the tunnel from the branch perspective is
   255.255.255.0 and the remote side is 255.255.0.0.  This tells the router to
   send anything that starts with 192.168 which is not local over to the W2K
   endpoint.  On your W2K machine you do the opposite on all your tunnels and
   the traffic from one remote site to another will loop through the central
   hub location.
      
   Note:    
   If you require more than 255 remote locations then you will probably want to   
   switch to the 10.x.x.x group of private addresses so that you can grow to   
   65535 remote locations under this model.     
       
   --    
   WARNING!  Email address has been altered for spam resistance.   
   Please remove the -deletethispart-. section before replying directly.   
   Mike Drechsler (mike.newsgroup@-deletethispart-.upcraft.com)   
      
      
   "Tobias Crefeld"  wrote in message news:9A   
   mp5x4xVB@tc-jus.onlinehome.de...   
   >    
   > I have no idea about your environment (and actually I wouldn't sleep very     
   > well with an MS-machine running IPSEC through public internet) but if you     
   > can summarize your subnets by 192.168.0.0 /16 it might be possible to   
   > establish tunnels with "left side"= 192.168.x.0/24 = LAN and "right side"     
   > = 192.168.0.0 /16 on the remote routers. If you have some more networks on     
   > the W2k-side you can build some extra tunnels from the remote-side to the     
   > W2k-machine-   
   >    
   > Tunnels are cheap.   
   >    
   > --    
   > Gruss,   
   >  Tobias.   
   >   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
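
The selector logic discussed in this message, as an added example that is not part of the original post or either poster's configuration: it evaluates the branch's local and remote members from the post, mirrors them for the hub, rejects branch subnets that fall outside the summary or overlap another branch, and traces a branch-to-branch path. The branch names, the second branch subnet and the reservation of one /24 for the hub LAN are assumptions.

```python
import ipaddress

# Values taken from the branch configuration in the post.
LOCAL_MEMBER = ipaddress.ip_network("192.168.123.0/255.255.255.0")
REMOTE_MEMBER = ipaddress.ip_network("192.168.0.0/255.255.0.0")

def branch_decision(dst, local=LOCAL_MEMBER, remote=REMOTE_MEMBER):
    """Where a branch router sends a packet: own LAN first, then the tunnel selector."""
    addr = ipaddress.ip_address(dst)
    if addr in local:
        return "local"
    if addr in remote:
        return "tunnel-to-hub"
    return "not-tunnelled"

def hub_tunnels(summary, branches):
    """Mirror each branch's selectors for the hub and reject bad branch subnets."""
    tunnels = {}
    for name, cidr in branches.items():
        net = ipaddress.ip_network(cidr)
        if not net.subnet_of(summary):
            raise ValueError(f"{name}: {net} is outside {summary}")
        for other, t in tunnels.items():
            if net.overlaps(t["remote"]):
                raise ValueError(f"{name}: {net} overlaps {other}")
        # Hub side is the opposite of the branch: local = summary, remote = branch LAN.
        tunnels[name] = {"local": summary, "remote": net}
    return tunnels

def spoke_path(src, dst, tunnels):
    """Sites a packet crosses between two branch hosts (None if either is unknown)."""
    def owner(ip):
        addr = ipaddress.ip_address(ip)
        return next((n for n, t in tunnels.items() if addr in t["remote"]), None)
    a, b = owner(src), owner(dst)
    if a is None or b is None:
        return None
    return [a] if a == b else [a, "hub", b]

def max_remote_sites(summary, branch_prefix=24):
    """Branch-sized blocks in the summary, assuming one is kept for the hub LAN."""
    return 2 ** (branch_prefix - summary.prefixlen) - 1

# Constructed sample: branch names and the second subnet are hypothetical.
SAMPLE = hub_tunnels(REMOTE_MEMBER, {"branch-a": "192.168.123.0/24",
                                     "branch-b": "192.168.45.0/24"})
```
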
