[EMAIL PROTECTED] wrote:
Dear all, I'm managing two remote LANs and have servers on both sides, and someone outside is also accessing our server.
I also run multivoip equipment to the two sites.
My network is like this.
In site 1 I have a LAN, then NAT, which translates the IP that I have been given by my ISP. The same situation is on the other side. I want anybody from any internal LAN to have the right to access servers of the other site. Also, my multivoip equipment has been configured with the internal IPs.
The problem is that I cannot ping my servers on both sides and my VoIP doesn't work. I have talked with my ISP, and he said he cannot help beyond my buying additional IPs, mostly for the multivoip equipment and for the servers, so that the servers sit outside my internal networks on both sides, that is, in the ISP's range.
Can anyone help me with what I can configure in my NATs so that I can just ping my internal IPs from both ends?
My ISP is also willing, if I can give him a way to configure his Linux routers so that I can ping each of my internal LANs. I am eagerly waiting for your assistance.
Thanks in advance.

What kind of routers are they? Do they support IPsec? To do this you will need both networks to be able to pass traffic to each other as if they were just subnets of the same network. Passing traffic out of NAT and then back into NAT is probably not possible, and if it is, it is probably not easy or all that robust.

If the routers do not support IPsec/IPsec'ing subnets together, then you may want to just use the routers to handle edge connectivity and have a Linux box directly behind them doing the firewalling/NAT/IPsec for both subnets. Then you can use freeswan to connect both subnets together and pass whatever kind of traffic you want between them.

Take a look at shorewall (for the firewall stuff) http://shorewall.sourceforge.net/
and freeswan (for the IPsec stuff) http://www.freeswan.org/

I am currently doing this to tie a couple of locations together and it works really well.
Ivan
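
An added example (not from Ivan's message or from the FreeS/WAN project): a sketch of the subnet-to-subnet tunnel the reply describes, written in FreeS/WAN's ipsec.conf format. All addresses and the key are constructed placeholders, and it assumes each Linux gateway holds a public address and that the two LANs use different, non-overlapping private ranges.

```conf
# /etc/ipsec.conf on the site 1 Linux gateway. The site 2 gateway uses the
# same conn; FreeS/WAN decides which end is local from its own addresses.
# Constructed values: 192.0.2.10 and 198.51.100.20 stand in for the
# ISP-assigned public IPs, 192.168.1.0/24 and 192.168.2.0/24 for the LANs.

version 2.0                       # FreeS/WAN 2.x file format marker

config setup
    interfaces=%defaultroute      # bind IPsec to the default-route interface

conn site1-site2
    left=192.0.2.10               # public address of the site 1 gateway
    leftsubnet=192.168.1.0/24     # LAN behind it
    leftnexthop=192.0.2.1         # its upstream (edge) router
    right=198.51.100.20           # public address of the site 2 gateway
    rightsubnet=192.168.2.0/24    # LAN behind it
    rightnexthop=198.51.100.1     # its upstream (edge) router
    authby=secret                 # pre-shared key from /etc/ipsec.secrets
    auto=start                    # bring the tunnel up when IPsec starts

# /etc/ipsec.secrets on both gateways (readable by root only), placeholder key:
# 192.0.2.10 198.51.100.20 : PSK "REPLACE-WITH-LONG-RANDOM-SECRET"
```

With the tunnel up and each LAN's hosts routing the other subnet through their local gateway, hosts reach the remote site's internal addresses directly, which is what equipment configured with internal IPs needs.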