Communication with remote VPNs using SecureClient

[ppayne]

We have two SPLAT boxes running R65 in a cluster. We have two VPN tunnels to different sites. We have remote users that connect to our network using Secureclient. My question is, is it possible for the Secureclient users to communicate with nodes on our remote VPN sites? Is so, how?

[mikem]

I would think so if you are using hub mode and your network routes correctly.

There could be some NAT issues depending on topology.

Mike

[ppayne]

Thanks for the reply mikem. I have a Star community with "To center and to other satellites through the center" selected. Do i need to do any additional routing in SPLAT?

[lammbo]

Since you say you are running SecureClient, I assume you are using Office mode. Since Office Mode subnets are part of your topology, you shouldn't have to do anything else for routing.

[mcnallym]

What I would do is this

Configure your site-to site VPN as normal with normal encryption domains.
Then add the Office mode subnet to the encryption domain of the central gateway.

Your central gateway thus has VPN's to remote gateways and they see the Secure Client Office Mode as being connected to the Central Gateway.

Then on the Central Gateway set a seperate Remote Access Encryption Domain and set this to be the internal nets at the central office and the remote networks behind the remote gateways. Do not include the Office mode in the Remote Access Enc Domain.

This therefore tells the SecureClient that the remote networks are reached by the Central office and the remote gateways know the office mode is reached via the central gateway.

This is how I configure and it works for me on R65.