--===============1663240362==
Content-Type: multipart/alternative;
boundary="----=_Part_9473_7787639.1158851694854"

------=_Part_9473_7787639.1158851694854
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Thank you for your reply. I was hoping that there would be a different
solution since I have 10.80.3.0 in a different network.

On 9/20/06, Krzysztof Pior wrote:
>
> On 20-wrz-2006, at 05:20, Anand Subramanian wrote:
> > Hello All,

>
> Hello
>
> > The thing that really bothers me is that the existing configuration
> > will establish three VPN tunnels as follows.
> >
> > 1) 10.5.25.0 to 10.80.2.0
> > 2) 10.5.25.0 to 10.80.1.0
> > 3) 10.5.25.0 to 10.80.0.0
> >
> > I am hoping that there is a way out of this and I would be able to
> > route traffic from 10.5.25.0 to 10.80.1.0 with only one VPN tunnel
> > between 10.5.25.0 and 10.80.2.0
> >
> > I have searched all over the internet for any sample configuration
> > and I am not able to find it. There should be an easy way to do
> > this. Please help.
> >
> > PIX1 configuration
> >
> > object-group network Remote-Networks
> > network-object 10.80.2.0 255.255.255.0
> > network-object 10.80.1.0 255.255.255.0
> > network-object 10.80.0.0 255.255.255.0

>
> The vpn tunnels are created between subnets and from the above you
> can see that you have a group of three /24 subnets and three tunnels.
> To have a one tunnel for all of them, you need to create a SA between
> single subnets: 10.8.0.0 255.255.252.0(/22) and 10.5.25.0
> 255.255.255.0 (/24) but it will also "cover" the 10.80.3.0/24 subnet.
>
> Kind regards
>
> Chris.
>
> PS
> Apologies for the following disclaimer.
>
> ************************************************** ********************
> Confidentiality : This e-mail and any attachments are intended for the
> addressee only and may be confidential. If they come to you in error you
> must take no action based on them, nor must you copy or show them to anyone.
> Please advise the sender by replying to this e-mail immediately and then
> delete the original from your computer.
>
> Opinion : Any opinions expressed in this e-mail are entirely those of the
> author and unless specifically stated to the contrary, are not necessarily
> those of the author's employer.
>
> Security Warning : Internet e-mail is not necessarily a secure
> communications medium and can be subject to data corruption. We advise that
> you consider this fact when e-mailing us.
>
> Viruses : We have taken steps to ensure that this e-mail and any
> attachments are free from known viruses but in keeping with good computing
> practice, you should ensure that they are virus free.
> __________________________________________________ _____________
> This message has been checked for all known viruses by UUNET delivered
> through the MessageLabs Virus Control Centre. For further information
> visit
> http://www.uk.uu.net/products/security/virus/
>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailma...rewall-wizards
>
>
>


------=_Part_9473_7787639.1158851694854
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Thank you for your reply. I was hoping that there would be a different solution since I have 10.80.3.0 in a different network.

On 9/20/06,
Krzysztof Pior
<chris.pior@inspiredbroadcast.net> wrote:

On 20-wrz-2006, at 05:20, Anand Subramanian wrote:
> Hello All,

Hello

> The thing that really bothers me is that the existing configuration
> will establish three VPN tunnels as follows.
>

> 1) 10.5.25.0 to 10.80.2.0
> 2) 10.5.25.0 to 10.80.1.0
> 3)
10.5.25.0
to 10.80.0.0
>
> I am hoping that there is a way out of this and I would be able to
> route traffic from 10.5.25.0 to
10.80.1.0
with only one VPN tunnel
> between 10.5.25.0 and 10.80.2.0
>
> I have searched all over the internet for any sample configuration

> and I am not able to find it. There should be an easy way to do
> this. Please help.
>
> PIX1 configuration
>
> object-group network Remote-Networks
>   network-object
10.80.2.0
255.255.255.0
>   network-object 10.80.1.0 255.255.255.0
>   network-object
10.80.0.0
255.255.255.0

The vpn tunnels are created between subnets and from the above you
can see that you have a group of three /24 subnets and three tunnels.
To have a one tunnel for all of them, you need to create a SA between

single subnets: 10.8.0.0 255.255.252.0(/22) and 10.5.25.0
255.255.255.0 (/24) but it will also "cover" the
10.80.3.0/24
subnet.

Kind regards

Chris.

PS
Apologies for the following disclaimer.

************************************************** ********************
Confidentiality : This e-mail and any attachments are intended for the addressee only and may be confidential. If they come to you in error you must take no action based on them, nor must you copy or show them to anyone. Please advise the sender by replying to this e-mail immediately and then delete the original from your computer.


Opinion : Any opinions expressed in this e-mail are entirely those of the author and unless specifically stated to the contrary, are not necessarily those of the author's employer.

Security Warning : Internet e-mail is not necessarily a secure communications medium and can be subject to data corruption. We advise that you consider this fact when e-mailing us.


Viruses : We have taken steps to ensure that this e-mail and any attachments are free from known viruses but in keeping with good computing practice, you should ensure that they are virus free.
__________________________________________________ _____________

This message has been checked for all known viruses by UUNET delivered
through the MessageLabs Virus Control Centre. For further information visit
http://www.uk.uu.net/products/security/virus/



_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com

https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards






------=_Part_9473_7787639.1158851694854--

--===============1663240362==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards

--===============1663240362==--