
Netscreen VPN Client can't access a network via another VPN


SteveC

May 13, 2003, 12:36:34 PM
Hi,

I've got two netscreens (ns208 and ns5XT) with a vpn link between them
via a 'pretend' internet working great, and with a software client on
the 'pretend' internet can vpn to either netscreen box fine, but I
have a problem.

What I have is the following:

Network A - 10.1.2.0/24
Network B - 10.1.1.0/24

VPN Client (via internet) -> ns208 -> network A
and
VPN Client (via internet) -> ns5XT -> network B

as well as

network A <-> ns208 <-VPN-> ns5XT <-> network B

What I want is:

VPN Client (via internet) <-> ns5XT <-> networks A and B

so the client over the internet sends all traffic only through the
remote ns5XT.

Basically I need to join together the two vpn links at the remote
ns5XT.

Many thanks,

Steve Cooper

Volcanoman

May 14, 2003, 6:56:45 PM
Hi there. There is another thread dated around the 13 May on this
exact issue so look out for that for extra clues.

What you are after is definitely possible with hardware at all three
points. They call it a partial mesh or something. It requires two
aspects to be considered:

1) Routing (on NS and devices on the LANs)
2) VPNs to accept traffic to multiple subnets.

This is achievable with the hardware. Multiple tunnels into central
site for each endpoint the box requires and a route table on the
central site which dictates who can go where. A little trickier on the
software. If you have control over the addressing you could use
supernetting where in your example the software VPN for the whole
10.1.0.0/16. On the central site route based tunneling should take
care of delivering to either trust or across another VPN. Once
again, remember to set the far end VPN device to route to the software
via the central VPN.

Clear as mud?

Volcanoman.

for...@steve-cooper.co.uk (SteveC) wrote in message news:<c96d2c6c.03051...@posting.google.com>...
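
The routing described in the reply above, modelled as an added example that is not part of either post and is not device configuration: it checks the hub (ns5XT) and far-end (ns208) route tables for the client's forward and return paths, and compares how much address space the 10.1.0.0/16 selector covers against the narrowest prefix containing both networks. The client address 192.168.50.10 and the egress names are assumptions made for illustration.

```python
import ipaddress

NET_A = ipaddress.ip_network("10.1.2.0/24")        # behind ns208 (from the post)
NET_B = ipaddress.ip_network("10.1.1.0/24")        # behind ns5XT (from the post)
POST_SELECTOR = ipaddress.ip_network("10.1.0.0/16")  # supernet named in the reply
CLIENT = ipaddress.ip_network("192.168.50.10/32")  # constructed client tunnel address

def smallest_supernet(*nets):
    """Narrowest single prefix that contains every given network."""
    cand = nets[0]
    while not all(n.subnet_of(cand) for n in nets):
        cand = cand.supernet()
    return cand

def lookup(table, dst):
    """Longest-prefix match; returns the egress label, or None if unrouted."""
    addr = ipaddress.ip_address(str(dst))
    hits = [(net, egress) for net, egress in table if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def extra_exposure(selector, wanted):
    """Addresses the client selector covers beyond the intended networks."""
    return selector.num_addresses - sum(n.num_addresses for n in wanted)

# Hypothetical route tables; egress names are labels, not ScreenOS syntax.
HUB_NS5XT = [
    (NET_B, "trust"),
    (NET_A, "tunnel-to-ns208"),
    (CLIENT, "tunnel-to-client"),
]
# Far end as it stands with only the site-to-site VPN: no route back to the client.
SPOKE_NS208 = [(NET_A, "trust"), (NET_B, "tunnel-to-ns5XT")]
# Far end with the return route the reply asks for.
SPOKE_NS208_FIXED = SPOKE_NS208 + [(CLIENT, "tunnel-to-ns5XT")]

if __name__ == "__main__":
    client_ip = CLIENT.network_address
    print("hub, client -> A:", lookup(HUB_NS5XT, "10.1.2.7"))
    print("hub, client -> B:", lookup(HUB_NS5XT, "10.1.1.7"))
    print("ns208 reply path, before:", lookup(SPOKE_NS208, client_ip))
    print("ns208 reply path, after: ", lookup(SPOKE_NS208_FIXED, client_ip))
    tight = smallest_supernet(NET_A, NET_B)
    for sel in (POST_SELECTOR, tight):
        print(sel, "covers", extra_exposure(sel, [NET_A, NET_B]),
              "addresses outside networks A and B")
```

Whatever selector the client uses, policy on the hub still has to limit the client to the subnets it is meant to reach, since a wider prefix only decides what enters the tunnel.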
