I'm hoping that someone can help me with a little puzzle!
We've been doing some testing in a lab today with a site-to-site VPN between two firewalls, one on NT4, the other on a Nokia IP330. This is in preparation for a job that's coming up. We managed to get the site-to-site VPN working using IKE and pre-shared secrets. However, we're now having a problem with SecureClient. The firewall that authenticates the SC users is at the main site, Site 1. Site 1 has a VPN to Site 2. When a test user logs in to the Site 1 firewall they can get to anything on the Site 1 network, and the logs on the SecureClient package show the traffic as being encrypted.
However, when trying to ping a server on Site 2, the VPN client does not encrypt the packets; it just sends them out as regular traffic. The desktop security rule does allow the SC user to get to both networks via the VPN, but when we try it, it just won't encrypt that traffic, only traffic on the same network as the firewall that authenticated the user.
So, my question is: is it possible to have an SC client authenticate at a firewall on one site and then be able to access resources and servers at other sites within the VPN between the firewalls, or would the user have to authenticate at the other firewall on Site 2 to be able to get to servers on that network? What do we need to do to get this working, or has anybody else managed a similar thing?
Cheers,
Chris.
************************
Chris Andrew, CCNA
chris@iproute.co.uk
************************