Koozali.org: home of the SME Server

IPSEC / Local Network Question

ryan

IPSEC / Local Network Question
« on: March 14, 2002, 02:31:14 AM »
I work for a state agency with 2 locations.  The main location, call it "A", is connected to the internet by standard T1 lines. The other location "B" is connected by a T1 to the state backbone intranet.  This state backbone intranet uses internet IP addresses (159.87.xxx.xxx) and is behind a firewall to the internet.

Up till a few days ago, 6 users at LocA used PPTP VPN to LocB using SME 5.0 at both locations.  Since upgrading to 5.1.2, only a single user can PPTP from LocA to LocB at a given time.  5.0 allowed several to do this at the same time.  

The 6 users at LocA access a mainframe through a web page running IBM Host on Demand ON THE STATE INTRANET.  Using PPTP VPN from each user's computer in LocA to LocB allowed the traffic to get through the state firewall to SME(B) on the state intranet.  Basically, with PPTP VPN connected, the SME server at LocB became their gateway, which was behind the state firewall, allowing them to connect to the mainframe web access page.

My Question:  After setting up IPSEC between the 5.1.2 servers, can I create a local network 159.87.0.0 with a subnet of 255.255.0.0 on LocA so that any traffic to 159.87.xxx.xxx from LocA will be "routed" to LocB through the IPSEC tunnel?

I need to use IPSEC to duplicate multiple PPTP connections from LocA to LocB.  If this can't be done, I have to go back to SME 5.0.

Diagram:

Location A
SME 5.1.2 as gateway
regular Internet via multiple T1 lines
     |
     |
IPSEC VPN
     |
     |
State Intranet firewall (transparent; can VPN through, cannot ping through it)
    |
State Intranet backbone 159.87.xxx.xxx
State T1 line to State Intranet backbone
SME 5.1.2
Location B

Simply stated, can I tell SME(A) to route all internet packets to network 159.87.0.0 mask 255.255.0.0 to SME(B) through the IPSEC tunnel?  SME(B) would then pass the traffic to the internet (which is actually the state intranet)?

When a user attempts to connect to the mainframe web page through the standard internet at LocA, an error stating the firewall has blocked the traffic comes up.  

Any and all help is appreciated.

RS

Ryan

Re: IPSEC / Local Network Question
« Reply #1 on: March 14, 2002, 05:26:17 PM »
Another question:  With IPSEC VPN, can all internet traffic be routed to the remote SME server?  Tell it to route network 0.0.0.0 mask 0.0.0.0 through the IPSEC tunnel?