Dear all

I have 3 subnetworks in my LAN: 192.168.1.0/24 (net_a),
192.168.2.0/24 (net_b), 172.16.0.0/16 (net_c).
I made VPN tunnels from net_a to net_b and also to net_c.

net_b--(vpn-client_b_to_a)--internet---((vpn_gw_a)net_a)---lan--(vpn_client_a_to_c)---internet--((net_c)vpn_gw_c)

Below is the network schema:

- vpn_client_b_to_a :
ip: 192.168.2.1
ipsec.conf :
a_lan="192.168.1.0/24"
b_lan="192.168.2.0/24"
vpn_gw="my ip public vpn_gw"
ike esp from $b_lan to $a_lan peer $vpn_gw psk mypassword
ike esp from egress to $a_lan peer $vpn_gw psk mypassword
ike esp from egress to $vpn_gw
static routing :
route add 192.168.1.0/24 192.168.2.1
---------------------------------------------------------------

- vpn_gw_a :
ip: 192.168.1.5
ipsec.conf :
a_lan="192.168.1.0/24"
b_lan="192.168.2.0/24"
vpn_gw="my ip public vpn_gw"
ike esp from $a_lan to any srcid $vpn_gw psk mypassword

static routing :
route add 172.16.0.0/16 192.168.1.3
---------------------------------------------------------------

- vpn_client_a_to_c :
ip: 192.168.1.3
Nokia-ip60 (setup vendor )
static routing :
route add 192.168.2.0/24 192.168.1.5
---------------------------------------------------------------
======================================
I can access computers in net_a from net_b (ping, running applications, etc.)
I can remote to computers in net_b from net_a (ping, remote, print
(JetDirect), etc.)
I can remote desktop (Citrix) from net_a to net_c
=======================================
Then I want net_b to be able to access remote Citrix in net_c, so I made a static route:
--- 192.168.1.3 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 3.759/3.906/4.054/0.160 ms

#route add 172.16.0.0/16 192.168.1.3
#error network can be reached

So how can I make net_c accessible from net_b?

For details of my network, please see
http://sonjaya.web.id/boboko/vpnsitensite.pdf



-- 
sonjaya
http://sicute.blogspot.com
