G
Guest
Guest
Archived from groups: comp.dcom.vpn (More info?)
Hi -
My network is acessible by via a VPN tunnel via Netscreen Remote 8.3 to a
Netscreen 5GT. The trust interface is 192.168.0.1. Connections to
192.168.0.0/24 hosts from my users' remote PCs work fine. However, we have
a 10.0.0.0/24 network whose gateway is at 192.168.0.2. Unfortunately, there
seems to be no way to tell Windows 2000 to route packets to 10.0.0.0/24 via
192.168.0.1, because the "deterministic network enhancer" which is used by
the Netscreen Remote software is under the radar of basic Windows 2000
TCP/IP. That is, "route ADD 10.0.0.0 MASK 255.255.255.0 192.168.0.2 METRIC
1 IF 0x2" does not work, because not unreasonably, there is no official
route to the 192.168.0.0/24 subnet.
Does anybody know whether it is possible to hack this so 10.0.0.0/24 packets
are sent down the invisible VPN interface? Looking at the Netscreen Remote
software, there doesn't appear to be any way to add this, short of creating
a completely separate tunnel for this interface (I imagine that I would have
to bind a 10.0.0.x address to a new VPN gateway, somehow).
Any ideas?
--
Mark Bertenshaw
Kingston upon Thames
UK
Hi -
My network is acessible by via a VPN tunnel via Netscreen Remote 8.3 to a
Netscreen 5GT. The trust interface is 192.168.0.1. Connections to
192.168.0.0/24 hosts from my users' remote PCs work fine. However, we have
a 10.0.0.0/24 network whose gateway is at 192.168.0.2. Unfortunately, there
seems to be no way to tell Windows 2000 to route packets to 10.0.0.0/24 via
192.168.0.1, because the "deterministic network enhancer" which is used by
the Netscreen Remote software is under the radar of basic Windows 2000
TCP/IP. That is, "route ADD 10.0.0.0 MASK 255.255.255.0 192.168.0.2 METRIC
1 IF 0x2" does not work, because not unreasonably, there is no official
route to the 192.168.0.0/24 subnet.
Does anybody know whether it is possible to hack this so 10.0.0.0/24 packets
are sent down the invisible VPN interface? Looking at the Netscreen Remote
software, there doesn't appear to be any way to add this, short of creating
a completely separate tunnel for this interface (I imagine that I would have
to bind a 10.0.0.x address to a new VPN gateway, somehow).
Any ideas?
--
Mark Bertenshaw
Kingston upon Thames
UK