Dear all,

I have 3 subnetworks in my LAN: 192.168.1.0/24 (net_a), 192.168.2.0/24 (net_b), 172.16.0.0/16 (net_c). I made VPN tunnels from net_a to net_b and also to net_c.

net_b--(vpn-client_b_to_a)--internet---((vpn_gw_a)net_a)---lan--(vpn_client_a_to_c)---internet--((net_c)vpn_gw_c)

Below is the network schema:

- vpn_client_b_to_a:
  ip: 192.168.2.1
  ipsec.conf:
      a_lan="192.168.1.0/24"
      b_lan="192.168.2.0/24"
      vpn_gw="my public ip of vpn_gw"
      ike esp from $b_lan to $a_lan peer $vpn_gw psk mypassword
      ike esp from egress to $a_lan peer $vpn_gw psk mypassword
      ike esp from egress to $vpn_gw
  static routing:
      route add 192.168.1.0/24 192.168.2.1
---------------------------------------------------------------
- vpn_gw_a:
  ip: 192.168.1.5
  ipsec.conf:
      a_lan="192.168.1.0/24"
      b_lan="192.168.2.0/24"
      vpn_gw="my public ip of vpn_gw"
      ike esp from $a_lan to any srcid $vpn_gw psk mypassword
  static routing:
      route add 172.16.0.0/16 192.168.1.3
---------------------------------------------------------------
- vpn_client_a_to_c:
  ip: 192.168.1.3
  Nokia IP60 (vendor setup)
  static routing:
      route add 192.168.2.0/24 192.168.1.5
---------------------------------------------------------------
======================================
I can access computers in net_a from net_b (ping, running applications, etc.).
I can remote to computers in net_b from net_a (ping, remote, print (JetDirect), etc.).
I can remote desktop (Citrix) from net_a to net_c.
=======================================
Then I want net_b to be able to access remote Citrix in net_c, so I made a static route:

--- 192.168.1.3 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 3.759/3.906/4.054/0.160 ms
#route add 172.16.0.0/16 192.168.1.3
#error network can be reached

So how can I make net_c accessible from net_b? For details of my network please see http://sonjaya.web.id/boboko/vpnsitensite.pdf

-- 
sonjaya
http://sicute.blogspot.com
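Before adding routes for a hub-and-spoke setup like the one above, it is worth checking which site-to-site pairs are actually covered by a flow selector on each ipsec.conf host: a static route only decides the next hop, while traffic is protected by the tunnel only when a `from ... to ...` flow matches its source and destination. The script below is an added example, not the poster's configuration or OpenBSD's own tooling. It parses ipsec.conf-style macro and flow lines (the constructed sample configs mirror the client_b and gw_a entries from the post, with the public gateway address replaced by the placeholder 198.51.100.1 and `egress` mapped to the placeholder 203.0.113.1), treats each `from A to B` line as covering both directions, and reports which required pairs no flow covers.

```python
import ipaddress
import re

# Constructed sample inputs: the three site networks from the post.
NET_A = ipaddress.ip_network("192.168.1.0/24")
NET_B = ipaddress.ip_network("192.168.2.0/24")
NET_C = ipaddress.ip_network("172.16.0.0/16")

# Placeholder standing in for the host's own public address ("egress" in
# ipsec.conf); an assumption for this example, not a real address.
EGRESS_PLACEHOLDER = ipaddress.ip_network("203.0.113.1/32")

# Simplified grammar: "name=value" macro lines and "[ike] [esp|ah] from X to Y ..." flows.
MACRO_RE = re.compile(r'^\s*(\w+)\s*=\s*"?([^"\s]+)"?\s*$', re.M)
FLOW_RE = re.compile(r"^\s*(?:ike\s+)?(?:esp|ah)?\s*from\s+(\S+)\s+to\s+(\S+)", re.M)


def parse_flows(conf):
    """Return a list of (src, dst) ip_network pairs found in ipsec.conf-style text.

    Resolves $macro references, maps 'any' to 0.0.0.0/0 and 'egress' to the
    placeholder above, and accepts bare hosts as /32 networks.
    """
    macros = dict(MACRO_RE.findall(conf))

    def resolve(token):
        if token.startswith("$"):
            name = token[1:]
            if name not in macros:
                raise ValueError("undefined macro: " + name)
            token = macros[name]
        if token == "any":
            return ipaddress.ip_network("0.0.0.0/0")
        if token == "egress":
            return EGRESS_PLACEHOLDER
        return ipaddress.ip_network(token, strict=False)

    return [(resolve(s), resolve(d)) for s, d in FLOW_RE.findall(conf)]


def covers(flow, src, dst):
    """True if a flow selector pair covers src->dst in either direction.

    An ipsec.conf 'from A to B' line installs both the A->B and the B->A flow,
    so the reverse match counts as coverage too.
    """
    fsrc, fdst = flow
    forward = src.subnet_of(fsrc) and dst.subnet_of(fdst)
    reverse = src.subnet_of(fdst) and dst.subnet_of(fsrc)
    return forward or reverse


def uncovered(conf, required):
    """Return the (src, dst) pairs from `required` that no flow in `conf` covers."""
    flows = parse_flows(conf)
    return [(str(s), str(d)) for s, d in required
            if not any(covers(f, s, d) for f in flows)]


# Constructed sample configs modelled on the post; 198.51.100.1 is a placeholder.
CLIENT_B_CONF = """
a_lan="192.168.1.0/24"
b_lan="192.168.2.0/24"
vpn_gw="198.51.100.1"
ike esp from $b_lan to $a_lan peer $vpn_gw psk mypassword
ike esp from egress to $a_lan peer $vpn_gw psk mypassword
ike esp from egress to $vpn_gw
"""

GW_A_CONF = """
a_lan="192.168.1.0/24"
b_lan="192.168.2.0/24"
vpn_gw="198.51.100.1"
ike esp from $a_lan to any srcid $vpn_gw psk mypassword
"""

# The pairs net_b must be able to reach through the tunnels.
REQUIRED = [(NET_B, NET_A), (NET_B, NET_C)]


def report():
    """Print, per host, the required pairs that have no matching flow."""
    for host, conf in (("vpn_client_b_to_a", CLIENT_B_CONF), ("vpn_gw_a", GW_A_CONF)):
        missing = uncovered(conf, REQUIRED)
        print(host + ": " + ("all required pairs covered" if not missing
                             else "no flow for " + ", ".join("%s -> %s" % p for p in missing)))


if __name__ == "__main__":
    report()
```

On the sample input both hosts come back with no flow for 192.168.2.0/24 -> 172.16.0.0/16, which is the path the post is trying to open; the check does not say what the right flow or route is, only where a selector is absent, so the same function can be re-run after each edit until the required pairs are covered on every hop.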