[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
IPSEC VPN and connectivity issues.. OpenBSD 2.8 to Nortel Contivity
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: IPSEC VPN and connectivity issues.. OpenBSD 2.8 to Nortel Contivity
- From: Michael <mwareman_(_at_)_enteract_(_dot_)_com>
- Date: Sun, 4 Mar 2001 00:07:30 -0600 (CST)
I'm having a small issue with establishing a VPN between the above
mentioned devices. I have successfully got the tunnel established using
ISAKMPD, but the issue I have is this. When the tunnel is up, I cannot
connect directly to the OpenBSD box from my internal host (ie: it's
functioning as the VPN router, but not as a host).
Now, the network configuration is also slightly interesting.
Remote LAN is an internetwork 10/8 - it has been subnetted down a lot. The
remote Contivity is on 10.254.0.0/16. and there is another router on that
network to over 120 other networks (10.x.0.0/16).
Local LAN (to the OpenBSD box) is 10.200.1.0/29.
What I am doing is specifying 10/8 as the remote network, and
10.200.1.0/29 as the local. (In Checkpoint speak this is an overlapping
encryption domain) Is this configuration supported?
In the diagram below, when the tunnel is open, I can communicate from
HostB to any host on the 10.x/16, 10.1/16 and 10.254/16 networks
(ie: anything behind the contivity), but not with the OpenBSD box.
>From HostA I can connect to, and ping the OpenBSD box. I cannot do this in
reverse. In fact, the OpenBSD box cannot connect to, or ping, any host on
any 10. network - it can only communicate with other hosts on the
Can anyone see anything obvious?
Many Networks (10.x/16)
Visit your host, monkey.org