RE: S2S VPN: why are static routes sometimes needed?

  • From: "MJ" <mjtech@xxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sun, 8 Jan 2006 15:25:27 -0500

OK, then how will it reach this route:

Network Destination        Netmask          Gateway      Interface  Metric
        192.168.1.0  255.255.255.0     10.254.253.1  10.254.253.10       1

if there is no gateway (10.254.253.1) configured on the
interface (10.254.253.10)?

just wondering.

Thanks

From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Sunday, January 08, 2006 3:16 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: S2S VPN: why are static routes sometimes needed?


http://www.ISAserver.org

Routing table entries.

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**



> -----Original Message-----
> From: MJ [mailto:mjtech@xxxxxxxxx]
> Sent: Sunday, January 08, 2006 2:09 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: S2S VPN: why are static routes
> sometimes needed?
>
>
> then how will ISA reach all routes outside its own subnet?
>
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Sunday, January 08, 2006 3:03 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: S2S VPN: why are static routes
> sometimes needed?
>
>
>
> Having a default gateway configured on the internal interface will cause
> BIG problems.
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
>
>
>
> > -----Original Message-----
> > From: MJ [mailto:mjtech@xxxxxxxxx]
> > Sent: Sunday, January 08, 2006 1:59 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: S2S VPN: why are static routes
> > sometimes needed?
> >
> >
> > Will not having a default gateway on the inside interface cause this
> > problem?
> >
> > -----Original Message-----
> > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> > Sent: Sunday, January 08, 2006 1:53 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: S2S VPN: why are static routes
> > sometimes needed?
> >
> >
> >
> > In order to solve this question, you need to compare:
> > - windows routing table (route print)
> > - Windows IP configuration (ipconfig)
> > - ISA network object addresses
> >
> > If there are *any* addresses defined in an ISA network address list
> > that disagree with the Windows routing table, you'll see these alerts.
> >
> > --------------------------------------------
> > Jim Harrison
> > MCP(NT4, W2K), A+, Network+, PCG
> > http://isaserver.org/Jim_Harrison/
> > http://isatools.org
> > Read the help / books / articles!
> > --------------------------------------------
> >
> > -----Original Message-----
> > From: MJ [mailto:mjtech@xxxxxxxxx]
> > Sent: Sunday, January 08, 2006 10:44 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: S2S VPN: why are static routes
> > sometimes needed?
> >
> >
> > Thanks for responding.
> > What you're saying makes sense to me, but what the error message is
> > talking about is something else.
> > This is something that I don't see through "route print".
> > Here is all the message:
> > ----------------------------------------------------------------------
> > Description: ISA Server detected routes through adapter
> > InternalConnection that do not correlate with the network element to
> > which this adapter belongs. For best practice, the address range of an
> > ISA Server network should match the address ranges routable through
> > the associated network adapter as defined in the routing table.
> > Otherwise valid packets may be dropped as spoofed. (This alert may
> > occur momentarily when you create a remote site network. You may
> > safely ignore this message if it does not reoccur.)  The address
> > ranges in conflict are:
> > 10.1.10.0-10.1.10.15;10.2.0.0-10.2.0.255;10.2.1.16-10.2.1.48;
> > 10.2.1.51-10.2.1.55;10.2.1.64-10.2.1.80;10.2.1.83-10.2.2.255;
> > 10.2.5.0-10.2.16.51;10.2.16.53-10.2.255.255;10.192.0.0-10.192.1.255;
> > 10.192.3.0-10.192.190.255;10.192.193.0-10.192.255.255;
> > 10.249.0.0-10.249.1.4;10.249.1.6-10.249.2.255;10.249.4.0-10.249.4.255;
> > 10.249.6.0-10.249.6.255;10.249.8.0-10.249.9.255;
> > 10.249.12.0-10.249.255.255;10.254.237.0-10.254.245.255;
> > 10.254.255.0-10.254.255.255;172.16.0.0-172.16.252.255;
> > 172.16.254.0-172.16.255.255;192.168.0.0-192.168.19.255;
> > 192.168.30.0-192.168.99.255;192.168.115.0-192.168.118.255;
> > 192.168.135.0-192.168.135.255;192.168.137.0-192.168.141.255;
> > 192.168.161.0-192.168.162.255;192.168.166.0-192.168.166.255;
> > 192.168.168.0-192.168.168.255;192.168.182.0-192.168.198.255;
> > 192.168.200.0-192.168.200.255;192.168.211.0-192.168.211.255;
> > 192.168.223.0-192.168.223.255;192.168.225.0-192.168.225.255;
> > 192.168.236.0-192.168.244.255;192.168.246.0-192.168.247.255;
> > 192.168.249.0-192.168.253.255;192.168.255.0-192.168.255.255;.
> >
> > ISA Server detected routes through adapter InternetConnection that do
> > not correlate with the network element to which this adapter belongs.
> > For best practice, the address range of an ISA Server network should
> > match the address ranges routable through the associated network
> > adapter as defined in the routing table. Otherwise valid packets may
> > be dropped as spoofed. (This alert may occur momentarily when you
> > create a remote site network. You may safely ignore this message if it
> > does not reoccur.)  The address ranges in conflict are:
> > 10.2.0.0-10.2.0.255;10.2.1.16-10.2.1.48;10.2.1.51-10.2.1.55;
> > 10.2.1.64-10.2.1.80;10.2.1.83-10.2.2.255;10.2.5.0-10.2.16.51;
> > 10.2.16.53-10.2.255.255;10.192.0.0-10.192.1.255;
> > 10.192.3.0-10.192.190.255;10.192.193.0-10.192.255.255;
> > 10.249.0.0-10.249.1.4;10.249.1.6-10.249.2.255;10.249.4.0-10.249.4.255;
> > 10.249.6.0-10.249.6.255;10.249.8.0-10.249.9.255;
> > 10.249.12.0-10.249.255.255;10.254.237.0-10.254.245.255;
> > 10.254.255.0-10.254.255.255;172.16.0.0-172.16.252.255;
> > 172.16.254.0-172.16.255.255;192.168.0.0-192.168.19.255;
> > 192.168.30.0-192.168.99.255;192.168.115.0-192.168.118.255;
> > 192.168.135.0-192.168.135.255;192.168.137.0-192.168.141.255;
> > 192.168.161.0-192.168.162.255;192.168.166.0-192.168.166.255;
> > 192.168.168.0-192.168.168.255;192.168.182.0-192.168.198.255;
> > 192.168.200.0-192.168.200.255;192.168.211.0-192.168.211.255;
> > 192.168.223.0-192.168.223.255;192.168.225.0-192.168.225.255;
> > 192.168.236.0-192.168.244.255;192.168.246.0-192.168.247.255;
> > 192.168.249.0-192.168.253.255;192.168.255.0-192.168.255.255;
> > 10.1.10.0-10.1.10.15;10.255.255.255-10.255.255.255;.
> > ----------------------------------------------------------------------
> >
> > Thanks
> >
> > -----Original Message-----
> > From: Stefaan Pouseele [mailto:stefaan.pouseele@xxxxxxxxx]
> > Sent: Sunday, January 08, 2006 1:37 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: S2S VPN: why are static routes
> > sometimes needed?
> >
> >
> >
> > Hi Roy,
> >
> > I'm not sure I understand your question!?!?
> >
> > If I'm the administrator of ISA-A, I define the remote network
> > 192.168.44.0/24 as reachable through the tunnel endpoint 192.168.1.30.
> > Now, 192.168.1.0/24 is a directly connected network. Why do I need to
> > create a static route for 192.168.44.0/24 with Gateway 192.168.1.30
> > before it works?
> >
> > Thanks,
> > Stefaan
> >
> > -----Original Message-----
> > From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx]
> > Sent: zondag 8 januari 2006 14:12
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: S2S VPN: why are static routes
> > sometimes needed?
> >
> >
> > Hi Stefaan,
> >
> > Let us center on the initial diagrams you illustrated.
> > In case the S2S VPN is within the protected network of ISA, it would be
> > another story.
> >
> > If your statement "The route decision should be made on the outer IP
> > header" is correct, why do you need to add a static route from ISA-A
> > to the internal network ID of ISA-B, and then why do you ask this
> > question??
> >
> > Thanks,
> >
> > Roy Tsao
> >
> > > Hi Roy,
> > >
> > > You wrote "ISA decides route before processing ESP". That would be a
> > > very stupid way of determining the route! The route decision should be
> > > made on the outer IP header (the tunnel) and not on the inner IP
> > > header (the encapsulated traffic). In my case the remote tunnel
> > > endpoint is on a directly connected network. So, the router RTR
> > > shouldn't be involved at all.
> > >
> > > As an example, two more diagrams where a S2S VPN connection is needed
> > > through a partner connection:
> > >
> > >                  +--- [RT1] --- Internet
> > > LAN --- [ISA] ---+
> > >                  +--- [RT2] --- Partner Network
> > >
> > >
> > > LAN --- [ISA] --- [RT1] --- Internet
> > >           !
> > >           +------ [RT2] --- Partner Network
> > >
> > >
> > > Thanks,
> > > Stefaan
> > >
> > >
> > > -----Original Message-----
> > > From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx]
> > > Sent: zondag 8 januari 2006 9:24
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: S2S VPN: why are static routes sometimes
> > needed?
> > >
> > >
> > >
> > > Hi Stefaan,
> > >
> > > After various lab tests by me and also other ISA fans, we suspect in
> > > our environment you can add a static route from the upstream router to
> > > ISA-B's external NIC. This is because
> > > - no route table change at ISA after enabling S2S IPsec Tunnel VPN
> > > - ISA decides route before processing ESP
> > > - ESP is sent based on fixed route when packet exits ISA.
> > > - when upstream router receives ESP heading for ISA-B's external NIC,
> > >   it has no route information at all!
> > >
> > > To add a static route at ISA-A to ISA-B's internal network ID is one
> > > of the solutions based on the above reason. However, is it more proper
> > > to adjust the route setting at the upstream router? Or is there any
> > > reason, like a security concern, making that impossible?
> > >
> > > As for your 2nd test scenario, may I understand the failure is due to
> > > disabled packet relay at the router side?
> > >
> > >
> > >
> > > > Hi Jim,
> > > >
> > > > OK, I took up the challenge and replaced ISA-B with a Windows 2003
> > > > RRAS server :-)
> > > >
> > > > With the help of
> > > > http://support.microsoft.com/default.aspx?scid=kb;en-us;816514 I
> > > > configured an IPSec tunnel to the ISA-A. Guess what... you are right!
> > > > I found exactly the same behavior.
> > > >
> > > > I even simplified further the test environment as follows:
> > > >
> > > >                       192.168.1.0/24
> > > >                            vvv
> > > >   LAN-A -------- [ISA-A] ---+
> > > > 192.168.22.0/24         .10 !
> > > >                             +--- [RTR] --- Internet
> > > >                             !  .1
> > > >                         .30 !
> > > >   LAN-B -------- [ISA-B] ---+
> > > > 192.168.44.0/24
> > > >
> > > >
> > > > On ISA-A:
> > > > ---------
> > > >
> > > > Remote Site Network contains:
> > > > - 192.168.1.30/32
> > > > - 192.168.44.0/24
> > > >
> > > > If Default gateway = 192.168.1.1 then the static route
> > > > '192.168.44.0/24 Gateway 192.168.1.30' is needed.
> > > > If Default gateway = 192.168.1.30 then no static routes are needed.
> > > >
> > > >
> > > > On ISA-B:
> > > > ---------
> > > >
> > > > Remote Site Network contains:
> > > > - 192.168.1.10/32
> > > > - 192.168.22.0/24
> > > >
> > > > If Default gateway = 192.168.1.1 then the static route
> > > > '192.168.22.0/24 Gateway 192.168.1.10' is needed.
> > > > If Default gateway = 192.168.1.10 then no static routes are needed.
> > > >
> > > >
> > > > Thanks,
> > > > Stefaan
> > > >
> > > > -----Original Message-----
> > > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> > > > Sent: dinsdag 27 december 2005 21:23
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: S2S VPN: why are static routes sometimes
> > needed?
> > > >
> > > >
> > > > That is odd, but I'll bet you find that this behavior is the same
> > > > without ISA.
> > > > RRAS and the TCP/IP stack, not ISA, handle the actual packet routing.
> > > >
> > > > --------------------------------------------
> > > > Jim Harrison
> > > > MCP(NT4, W2K), A+, Network+, PCG
> > > > http://isaserver.org/Jim_Harrison/
> > > > http://isatools.org
> > > > Read the help / books / articles!
> > > > --------------------------------------------
> > > > -----Original Message-----
> > > > From: Stefaan Pouseele [mailto:stefaan.pouseele@xxxxxxxxx]
> > > > Sent: Tuesday, December 27, 2005 4:58 AM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] S2S VPN: why are static routes
> > sometimes needed?
> > > >
> > > >
> > > > Hi,
> > > >
> > > > It seems that if a S2S VPN connection of type IPSec Tunnel is used
> > > > and if the remote tunnel endpoint can't be reached through the
> > > > default gateway, then you need to create extra static routes for
> > > > the remote network IDs reachable through that remote tunnel
> > > > endpoint. I don't understand why this is needed? Take note that
> > > > there were no problems in setting up the IPSec MM and QM SAs!
> > > >
> > > > To explain it better, here is a little diagram of the lab setup:
> > > >
> > > >                       192.168.1.0/24
> > > >                            vvv
> > > >   LAN-A -------- [ISA-A] ---+
> > > > 192.168.22.0/24         .10 !
> > > >                             +--- [RTR] --- Internet
> > > >                             !  .1
> > > >                         .30 !
> > > >                          [RTR-B]
> > > >                             ! .1
> > > >                         .10 !
> > > >   LAN-B -------- [ISA-B] ---+
> > > > 192.168.44.0/24            ^^^
> > > >                       192.168.11.0/24
> > > >
> > > >
> > > > On ISA-A:
> > > > ---------
> > > >
> > > > Remote Site Network contains:
> > > > - 192.168.11.10/32
> > > > - 192.168.44.0/24
> > > >
> > > > Default gateway: 192.168.1.1
> > > >
> > > > Static routes configured:
> > > > - 192.168.11.0/24 Gateway 192.168.1.30
> > > > - 192.168.44.0/24 Gateway 192.168.1.30 <<<< WHY is this one needed ???
> > > >
> > > >
> > > > On ISA-B:
> > > > ---------
> > > >
> > > > Remote Site Network contains:
> > > > - 192.168.1.10/32
> > > > - 192.168.22.0/24
> > > >
> > > > Default Gateway: 192.168.11.1
> > > >
> > > > No static routes configured.
> > > >
> > > >
> > > > Test:
> > > > -----
> > > >
> > > > From a host on LAN-B ping a host on LAN-A. Without the static route
> > > > '192.168.44.0/24 Gateway 192.168.1.30' on ISA-A, I can see the ping
> > > > request and reply on LAN-A but the reply never makes it back to
> > > > LAN-B. The ping reply just disappeared into thin air! Creating the
> > > > static route and bingo, it works. What's the logic behind this
> > > > behavior?
> > > >
> > > >
> > > > Thanks,
> > > > Stefaan
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org
> Discussion List as:
> > mjtech@xxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx

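Two of the questions in this thread come down to what a longest-prefix-match lookup of the Windows routing table returns: which next hop ISA-A picks for a LAN-B address in Stefaan's simplified lab (the default route towards RTR unless a more specific route via 192.168.1.30 exists), and which parts of an ISA network object's address ranges are not routed out the adapter that network is bound to, which is the comparison Jim describes and the condition behind the "routes ... do not correlate" alert MJ pasted. MJ's last question, whether a route whose gateway is 10.254.253.1 can work on an interface with no default gateway, is the on-link check in the same lookup: a static route's gateway only has to lie on a directly connected subnet of the route's interface. The following is an added example, not code from the thread, from ISA Server or from Microsoft; it models the tables from the diagrams with the Python standard library. The address of ISA-A's LAN-A NIC (192.168.22.1), the /24 mask on MJ's 10.254.253.x interface, the stray 192.168.22.200/29 route and the Internal network definition that wrongly includes 192.168.44.0/24 are all constructed for the illustration.

```python
"""Added example (not code from the isalist thread or from ISA Server):
a tiny Windows-style routing table with longest-prefix-match lookup, used
to show (1) which next hop ISA-A in Stefaan's simplified lab picks for
LAN-B with and without the static route, (2) that a static route's
gateway (MJ's question) only has to be on-link for the route's interface,
and (3) the correlation check Jim describes between an ISA network
object's address ranges and the routing table. All tables and ranges are
constructed from the thread's diagrams; ISA-A's internal NIC address and
the /24 mask on MJ's 10.254.253.x interface are assumptions."""
import ipaddress
from dataclasses import dataclass

IPv4 = ipaddress.IPv4Address
net = ipaddress.ip_network


@dataclass(frozen=True)
class Route:
    dest: ipaddress.IPv4Network   # "Network Destination" + "Netmask"
    gateway: IPv4                 # next hop; equals interface for on-link
    interface: IPv4               # address of the NIC the route uses
    metric: int = 1


def lookup(table, dst):
    """Longest prefix wins; lowest metric breaks ties (Windows order)."""
    dst = IPv4(dst)
    hits = [r for r in table if dst in r.dest]
    return max(hits, key=lambda r: (r.dest.prefixlen, -r.metric)) if hits else None


def next_hop(table, dst):
    r = lookup(table, dst)
    return None if r is None else str(r.gateway)


def gateway_reachable(table, route):
    """A static route's gateway need not be the NIC's default gateway; it
    only has to be on a directly connected subnet of the route's interface."""
    if route.gateway == route.interface:
        return True                     # on-link route
    hop = lookup(table, route.gateway)
    return hop is not None and hop.gateway == hop.interface == route.interface


def _misrouted(table, block, adapter_ip):
    """Yield sub-blocks of `block` whose egress NIC is not `adapter_ip`,
    splitting the block wherever a more specific route cuts into it."""
    if any(r.dest.subnet_of(block) and r.dest.prefixlen > block.prefixlen
           for r in table):
        for half in block.subnets(prefixlen_diff=1):
            yield from _misrouted(table, half, adapter_ip)
        return
    r = lookup(table, block.network_address)
    if r is None or r.interface != adapter_ip:
        yield block


def uncorrelated_ranges(table, ranges, adapter_ip):
    """Address ranges of an ISA network object (as (first, last) pairs)
    that the routing table does not send out `adapter_ip`. These are the
    ranges ISA lists in its 'routes ... do not correlate' alert; packets
    from them arriving on that adapter would be treated as spoofed."""
    bad = []
    for first, last in ranges:
        for block in ipaddress.summarize_address_range(IPv4(first), IPv4(last)):
            bad.extend(_misrouted(table, block, adapter_ip))
    return [f"{b.network_address}-{b.broadcast_address}"
            for b in ipaddress.collapse_addresses(bad)]


# --- Stefaan's simplified lab, ISA-A side (constructed from the diagram) ---
RTR, ISA_A_EXT, ISA_B_EXT = IPv4("192.168.1.1"), IPv4("192.168.1.10"), IPv4("192.168.1.30")
ISA_A_INT = IPv4("192.168.22.1")    # assumed address of ISA-A's LAN-A NIC


def isa_a_table(default_gw, static_route=False):
    table = [
        Route(net("0.0.0.0/0"), default_gw, ISA_A_EXT),
        Route(net("192.168.1.0/24"), ISA_A_EXT, ISA_A_EXT),      # on-link
        Route(net("192.168.22.0/24"), ISA_A_INT, ISA_A_INT),     # on-link
    ]
    if static_route:   # '192.168.44.0/24 Gateway 192.168.1.30'
        table.append(Route(net("192.168.44.0/24"), ISA_B_EXT, ISA_A_EXT))
    return table


# --- MJ's route, with the 10.254.253.0/24 mask assumed; no default gateway ---
MJ_NIC = IPv4("10.254.253.10")
MJ_ROUTE = Route(net("192.168.1.0/24"), IPv4("10.254.253.1"), MJ_NIC)
MJ_TABLE = [Route(net("10.254.253.0/24"), MJ_NIC, MJ_NIC), MJ_ROUTE]

# --- constructed Internal network definition that disagrees with the table ---
INTERNAL_RANGES = [("192.168.22.0", "192.168.22.255"),
                   ("192.168.44.0", "192.168.44.255")]   # LAN-B wrongly in Internal
TABLE_WITH_HOLE = isa_a_table(RTR, static_route=True) + [
    Route(net("192.168.22.200/29"), ISA_B_EXT, ISA_A_EXT)]  # constructed stray route

if __name__ == "__main__":
    for label, t in [("default gw = RTR", isa_a_table(RTR)),
                     ("RTR + static route", isa_a_table(RTR, True)),
                     ("default gw = ISA-B", isa_a_table(ISA_B_EXT))]:
        print(f"{label:20s} 192.168.44.5 -> next hop {next_hop(t, '192.168.44.5')}")
    print("MJ route gateway reachable:", gateway_reachable(MJ_TABLE, MJ_ROUTE))
    print("ranges not correlated with Internal NIC:",
          uncorrelated_ranges(TABLE_WITH_HOLE, INTERNAL_RANGES, ISA_A_INT))
```

Run as a script it prints the three next-hop results for a LAN-B address (RTR, then 192.168.1.30 once either the static route or the default gateway points at ISA-B), the on-link result for MJ's route, and the ranges the correlation check flags. The check splits each range wherever a more specific route cuts into it, so a single misrouted /29 inside an otherwise correct /24 is reported on its own rather than the whole /24, which is the same granularity ISA's alert uses when it lists first-last pairs.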