Internet
|
DSL Modem
|
WAN Interface xxx.xxx.xxx.xxx
Netopia R9100 Router (Router A)
LAN Interface 192.168.1.1
|
Home Network (Macs, printers, etc. on 192.168.1.0/24)
|
LAN Interface 192.168.1.2
Netopia R9100 Router (Router B)
WAN Interface 192.168.11.1
|
Airport Extreme Base Station 192.168.11.2 (AEBS – No NAT)
|
Various Airport Equipped Macs on 192.168.11.0/24
Router A provides a connection to the internet and various IPSec VPNs to outside networks. There are no known problems with Router A connections.
The Macs connecting via AirPort are running Panther OS X.3.1 and use VaporSec 1.0 to connect via IPSec VPN to Router B. The AirPort Macs get to the internet via this tunnel. There are a number of issues with the connections via Router B.
What works:
All connections between 192.168.11.0/24 and 192.168.1.0/24 work beautifully.
HTTP connections
Some HTTPS connections
POP 110 connections
SMTP 25 connections
IMAP 143 connections message list
What does not work:
Connections from 192.168.11.0/24 to 192.168.11.0/24
Some HTTPS connections
SMTP:auth connections
IMAP 143 connections content – very, very slow or not at all
IMAP 443
Connections from 192.168.11.0/24 to any other VPN connection from Router A
iDisk WebDAV causes a Finder crash that can only be recovered from by killing the mount webdav process
Questions:
Are these issues intrinsic to an IPSec connection?
If not, what type of setting changes would be required?
The same setup works great with a PPTP tunnel. There are none of the problems noted above. A PPTP tunnel gets a 192.168.1.0/24 address assigned to the endpoint.
I suspect there is a way to do this with IPSec. Does anyone know how?