Friday, March 15, 2013

IPSec as a default gateway

IPsec maintains a table of policies, each a Left -- Right pair of subnets, and matches traffic against it much like a routing table.
Assume subnets 192.168.A.0/24 and 192.168.B.0/24 are already joined by IPsec as a secured LAN, and
A wishes to use gateway B as its default gateway. The following must be set:
1.
A sets left = 192.168.A.0/24 right = 0.0.0.0/0
B sets left = 0.0.0.0/0 right = 192.168.A.0/24
2.
A removes its "MASQUERADE" rule from the NAT table
B adds 192.168.A.0/24 to its MASQUERADE rule in the NAT table

Then it is done.
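
The two steps above, modelled as an added example (not code from the original post): a toy policy table shows which packets the Left -- Right pairs send into the tunnel and what the MASQUERADE change does on each gateway. The concrete subnets, WAN addresses and function names are constructed for illustration, and the model assumes source NAT is applied before the policy lookup.

```python
# Added example: toy model of IPsec (left, right) policy matching.
# Constructed values: A = 192.168.10.0/24, B = 192.168.20.0/24,
# WAN addresses from documentation ranges.
from ipaddress import ip_address, ip_network

NET_A = ip_network("192.168.10.0/24")  # stands in for 192.168.A.0/24
NET_B = ip_network("192.168.20.0/24")  # stands in for 192.168.B.0/24
ANY = ip_network("0.0.0.0/0")
A_WAN, B_WAN = "203.0.113.1", "203.0.113.2"  # assumed public addresses

A_SITE_TO_SITE = [(NET_A, NET_B)]  # before: plain LAN-to-LAN tunnel
A_DEFAULT_GW = [(NET_A, ANY)]      # step 1 on A
B_DEFAULT_GW = [(ANY, NET_A)]      # step 1 on B (mirror of A)


def outbound_action(policies, src, dst):
    """'tunnel' if (src, dst) falls inside a (left, right) pair, else 'bypass'."""
    s, d = ip_address(src), ip_address(dst)
    hit = any(s in left and d in right for left, right in policies)
    return "tunnel" if hit else "bypass"


def masquerade(src, wan_ip, nat_sources):
    """Step 2: rewrite src to wan_ip when it lies in a MASQUERADE'd subnet."""
    s = ip_address(src)
    return wan_ip if any(s in net for net in nat_sources) else src


if __name__ == "__main__":
    host, internet = "192.168.10.5", "198.51.100.7"
    # Old policy: Internet-bound traffic from A never enters the tunnel.
    print(outbound_action(A_SITE_TO_SITE, host, internet))   # bypass
    # New policy: everything leaving A's subnet is tunnelled to B.
    print(outbound_action(A_DEFAULT_GW, host, internet))     # tunnel
    # If A still masqueraded, the source would no longer match left.
    natted = masquerade(host, A_WAN, [NET_A])
    print(outbound_action(A_DEFAULT_GW, natted, internet))   # bypass
    # B must NAT A's subnet, or the private source leaves B's WAN unchanged.
    print(masquerade(host, B_WAN, [NET_B]))                  # 192.168.10.5
    print(masquerade(host, B_WAN, [NET_B, NET_A]))           # 203.0.113.2
    # Replies arriving at B match its mirrored policy and return to A.
    print(outbound_action(B_DEFAULT_GW, internet, host))     # tunnel
```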

