Prasad wrote:
> Hello all,
>
> I have a problem with one of my routing requirements when using IPSec
> along with a proprietary Mobile IP implementation. And sorry for such
> a long mail :(
>
> Here is a brief description of my situation: My client (mobile-node)
> has an IP address of 10.10.10.40, my gateway (actually home-agent) has
> an IP address of 10.10.10.1 and systems in my home network are in
> 10.0.0.0 network.
>
> 1. Mobile node tries to communicate with 10.10.10.4 (home network)
> 2. The packet from mobile node goes through IPSec and gets
> encapsulated in a tunnel. The encapsulating packet has a source
> address of 10.10.10.40 and destination address of 10.10.10.1 (the
> encapsulated packet is from 10.10.10.40 to 10.10.10.4... the source
> did not change)
> 3. The IPSec packet that came out is not sent through a Mobile IP
> tunnel. The new encapsulating packet has dest=<Internet IP of
> Home-Agent> and src=<Internet IP of mobile node>. (This packet
> encapsulates IPSec packet, which in-turn encapsulates the original
> packet)
> 4. The Home-Agent injects the original packet from 10.10.10.4 to
> 10.10.10.40 into the network!
>
> While all that was fine... one noticeable thing is that the src address
> did not change in the initial IPSec tunneling.
>
Oops, the client machine I referred to below is the one on my home
network with IP address 10.10.10.4. Sorry for a misleading
explanation!

> Now the client machine responds:
> A) Packet sent from client goes to home-agent. Home agent encapsulates
> the packet with IPSec. The destination for the packet was 10.10.10.40
> before it came to my system.
> B) The packet came to me (server, from the local network - it will
> come to me because I would be giving out a proxy arp) with a
> destination of 10.10.10.40. To make the packet go through IPSec, I
> probably should have a route that says 10.10.10.40 should be routed
> through ipsec0.
>
> Now the real problem is, the packet should also leave IPSec with
> destination as 10.10.10.40 (after encapsulation). The resulting
> packet should now be routed through another device created by my
> Mobile IP Driver.
>
> Is it possible to have such a routing table? If yes, how do I achieve
> this?
>
> Thanks,
> Prasad
> _______________________________________________
> LARTC mailing list
> LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
>