Am having a bit of an issue with this, and unfortunately it's now starting to become necessary to get this sorted.
Our primary network at our main site is 192.168.0.0/16. Recently we've set up a new server room on our primary site, with all these new servers on 10.10.2.0/24. 192.168.0.0/16 happily talks to 10.10.2.0/24 via a 3com router i.e. the gateway for 192.168.0.0 has a static route set up to the 3com router for all 10.10.2.0 traffic.
This is the dilemma: We also have a couple of small sites connected to 192.168.0.0 via IPSEC VPN. While these sites can talk to 192.168.0.0, they cannot talk to 10.10.2.0. I've since found out that by design, IPSEC will ignore conventional routing tables. Unless the target subnet is specified specifically into the IPSEC config files as a tunnel, it won't pass that data along.
The solution is apparently to add a second IPSEC tunnel, identical to the first, but changing the subnet specified for our main site from 192.168.0.0/16 to 10.10.2.0/24.
I'm told that should work, but... it doesn't. Every time I enable that second tunnel, it disconnects the first tunnel.
Is there any reason why I can't have two IPSEC tunnels, both with the same remote and local endpoint IPs?
If it helps, the gateway for 192.168.0.0/16 is a smoothwall advanced firewall. The gateway at the other side of the VPN tunnel is a smoothwall express 2.
Our exchange server is now being over over onto the 10.10.2.0 network, so it's now changed from a minor issue to a major one.
Last edited by _Bat_; 7th November 2010 at 05:13 PM.
There are currently 1 users browsing this thread. (0 members and 1 guests)