How to bring a computer through the head office to the Internet from a site connected via IPSec?

R

rokotrnd2019-06-13 12:46:36

Network routing

rokotrnd, 2019-06-13 12:46:36

There are several geographically distributed offices, the connection between them is based on IPSec tunneling between D-Link DFL 1660. Internet access is available only (according to the security policy) from the workstations of the head office - office A (mainly through NAT on D-Link).
Now there is another site - office B, also connected via IPSec, on which a pair of workstations need the Internet THROUGH the head office, and not directly. At the same time, we do not administer the active network equipment of office B (network 172. .. . ..) (this is a foreign organization), but we have full rights only on the computers themselves.
On our D-Link, we create a rule that the Internet is available for the office B network that came to us from IPSec, and we also create a NAT rule for accessing the office B Internet network. But these settings do not work.
Admins of a foreign organization say that on their gateway everything is allowed in our direction.
What could be the blockage?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

P

poisons, 2019-06-13
@poisons

1. You begin to administer the network equipment of site B and correctly configure ipsec policy there so that traffic with dst 0.0.0.0/0 and src - the necessary computers fall under it. Check that this traffic is not natitsya and flies into the tunnel.
2. Deploy socks/proxy on your site and point it to clients.
Perhaps there is a third option