[prev in list] [next in list] [prev in thread] [next in thread]
List: sidewinder
Subject: Re: [Sidewinder] Deploying SmartFilter to a Sidewinder over IPSEC
From: Sidewinder moderated discussion list <sidewinder () adeptech ! com>
Date: 2007-04-18 0:34:53
Message-ID: 000301c78151$6203aa90$0201a8c0 () lordchariot ! com
[Download RAW message or body]
I can't tell you about what's going on with the VPN part, but I _think_ the
source burb is extended by the routing table.
That is, another subnet is considered a part of the internal burb if it is
hopping out a gateway address within the burb's subnet.
Hope that makes sense.
-----Original Message-----
From: sidewinder-bounces@adeptech.com
[mailto:sidewinder-bounces@adeptech.com] On Behalf Of Sidewinder moderated
discussion list
Sent: Tuesday, April 17, 2007 16:11
To: sidewinder@adeptech.com
Subject: [Sidewinder] Deploying SmartFilter to a Sidewinder over IPSEC
Hi List:
At one point in time I installed a mid-ranged Sidewinder at a
corporate HQ and several 100-series Sidewinders at small branch
locations. I then deployed my SmartFilter configuration from the
corporate office down to the branch Sidewinders via main mode IPSEC
tunnels. This seemed to work fine.
I recently attempted a similar configuration, configuring SmartFilter
to deploy a configuration to another Sidewinder across another main
mode IPSEC tunnel, and I'm receiving NSS attack events with a reason
of "Source address not valid in source burb". The reason that I'm
seeing this is clear: NSS doesn't want to accept connections on the
internal burb for any subnet that isn't directly attached. Support
basically told me that this configuration was not possible, but what
would you do if you had some sort of non-basic routing configuration
in which the corporate SmartFilter server was two or more hops inside
the network? Can anybody comment on how I could get around this
limitation or whether or not they have been able to deploy a similar
configuration?
Thanks,
BN
_______________________________________________
Sidewinder mailing list
Sidewinder@adeptech.com
http://mail.adeptech.com/mailman/listinfo/sidewinder
_______________________________________________
Sidewinder mailing list
Sidewinder@adeptech.com
http://mail.adeptech.com/mailman/listinfo/sidewinder
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic