[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Trans.: Re: [afnog] Oposite of VPN ?
- To: afnog at afnog.org
- Subject: Trans.: Re: [afnog] Oposite of VPN ?
- From: Mohamadi ZONGO <mzongo at zcp.bf>
- Date: Mon, 18 Aug 2003 17:28:32 +0000
- Content-Transfer-Encoding: 8bit
- Content-Type: text/plain; charset=utf-8
- Delivered-To: afnog-archive at lists.eahd.or.ug
- Delivered-To: afnog at afnog.org
- List-Archive: <http://listserv4.cfi.co.ug/pipermail/afnog>
- List-Help: <mailto:afnog-request at afnog.org?subject=help>
- List-Id: The AfNOG general discussion list <afnog.afnog.org>
- List-Post: <mailto:afnog at afnog.org>
- List-Subscribe: <http://listserv4.cfi.co.ug/mailman/listinfo/afnog>,<mailto:afnog-request at afnog.org?subject=subscribe>
- List-Unsubscribe: <http://listserv4.cfi.co.ug/mailman/listinfo/afnog>,<mailto:afnog-request at afnog.org?subject=unsubscribe>
- Sender: afnog-bounces at afnog.org
- User-Agent: Internet Messaging Program (IMP) 3.1
A forward (to afnog) this mail , sent only to Brian by inadvertance!
sorry Brian, you will receive this mail twice!
tanks a lot to all of you in this list working to make each other life
easier.
---
Mohamadi ZONGO
----- Message transféré de Mohamadi ZONGO <mzongo at zcp.bf> -----
Date : Mon, 18 Aug 2003 15:23:30 +0000
De : Mohamadi ZONGO <mzongo at zcp.bf>
Adresse de retour :Mohamadi ZONGO <mzongo at zcp.bf>
Sujet : Re: [afnog] Oposite of VPN ?
À : Brian Candler <B.Candler at pobox.com>
Tanks Brian for this quick response.
I am going to setup this.
Another question :
In the mean time i was reading a lot of paper talking about VLAN on switches,
an howto do inter VLAN communication. Almost all these paper are from cisco
explanning howto do this with cisco routers an cisco catalyst switches.
I am rather using cisco routers (2611, 1600 and 1000) and DLINK switches
(Dlink 3624i)
If Someone here already experiment or know about inter vlan communication with
cisco router and switches other than cisco's one, i will apreciate his/here
advice.
Tanks in advance
---
Mohamadi ZONGO
ZCP Informatique
Selon Brian Candler <B.Candler at pobox.com>:
> On Fri, Aug 15, 2003 at 08:32:42PM +0000, Mohamadi ZONGO wrote:
> > The diagram look like this :
> >
> > INTERNET Intranet
> > / leased
> > / line
> > R1----+---- FW ----+----R2=========R3-----+-------+
> > / / / /
> > / / / /
> > VPN1 TRUSTED NET1 TRUSTED NET2 VPN2---+--
> > /
> > /
> > ^^^^^^^^^^ CYBERCAFE(UNTRUSTED)
> > UNTRUSTED
>
> Absolutely. As long as VPN1 and VPN2 can 'see' each other's outside IP
> address, i.e. FW policy permits the tunnel packets between VPN1 and VPN2,
> and VPN2 routes *all* cybercafe traffic over the tunnel, this will be fine.
> If someone in the cybercafe were to try to access the trusted net, they
> would find themselves on the 'outside' of FW.
>
> R1 will probably have a static route for the subnet you've allocated to the
> cybercafe pointing at VPN1 (unless VPN1 participates in your IGP)
>
> Regards,
>
> Brian.
>
-----------------------------------------------------------------------------------------
Ce message à été envoyé à partir du Webmail de ZCP: https://webmail.zcp.bf
----- Fin du message transféré -----
-----------------------------------------------------------------------------------------
Ce message à été envoyé à partir du Webmail de ZCP: https://webmail.zcp.bf
__________________________________________________
This is the Africa Network Operators' Group(AfNOG)
technical discussion list.
The AfNOG website is: <http://www.afnog.org>