Learn More
Resend Email
3
gitversion
6y

Just setup an IPsec tunnel and route 192.168.50.0/24 to 192.168.0.0/16 over that tunnel on phase2. We will be able to see 192.168.50.6 machine from 192.168.0.0/16 remote subnet.

Do it.

Why we cannot send ICMP echo from local subnet machine to another machine in same subnet??? Also remote subnet hits only the BSD machine it does not go further. Whyy

I know I should have not done it but SDM and my manager insisted to do so... And now they expect me to fix time outs when remote subnet belongs to different company.

rant
Favorite
Ranter
Comments
  • 2
    6y
    Have you set up a route on the other side to go back to yours? Otherwise the traffic goes one ways and gets lost on the way back.
  • 2
    6y
    Oh you are also covering too large a subnet on the other side, it dies not know how to travel back at all...
  • 1
    6y
    @Nhil end point does not belong to me. AFAIK phase2 wont come up if routes were not there. Also 50.6 machine is able to ping other side(not all of it though). But I have no access there
  • 3
    6y
    Wait wait wait.... the more I read this the crazier it gets, are you routing all your traffic over the ipsec? So basically because your network is in the same mask as the remote network traffic on your network will immediately be sent to the remote side, it will be intermittent because the arp caches of your machines will be remembering the correct machines. :)

    You will need to be outside the remote range, basically on 10.0.0.0/24 (or in that range) to be totally separate.
  • 1
    6y
    @Nhil yes, the other engineer thinks that I had an firewall blocking their requests until I showed him firewall logs.

    Anyway, this won't work unless client accepts to move that one old SQL server to different subnet.

    I just wish not to get such cases anymore..

    Though I'm not sure what would happen if I routed just one machine to remote subnet /16.

    They wish to test this setup replicated in different subnet on monday which most likely will work since The IPsec will route correctly
  • 2
    6y
    @gitversion yea the other end if routes are correct will work (sort of) but your end will not.
  • 1
    6y
    @Nhil my end has only that SQL machine and BSD router so it does not matter at the moment whether local communication works.

    Though thank you for the responses I really felt frustrated that such cases happen in biggest Telco corporation in a country. And I had to spend whole day trying to explain them crazyness of this when I could've work with my Unix infra instead
devRant © 2021 Hexical Labs LLC
Privacy Policy  |  Terms of Service
Add Comment