Subject: Re: NAT/GRE and IPsec transport interaction
To: David Young <dyoung@pobox.com>
From: Andreas Wrede <andreas@planix.com>
List: current-users
Date: 05/27/2007 22:09:49

On May 27, 2007, at 15:33 , David Young wrote:

> On Sat, May 26, 2007 at 05:03:43PM -0400, Andreas Wrede wrote:
>> Ok. I need to connect multiple private networks (currently 8) with
>> each other in a secure fashion.  At least 2 of these networks have
>> multiple connections to the Internet. Two of the gateways are Cisco
>> routers, the remaining 6 are NetBSD machines. There is a secondary
>> requirement to connect distant private networks, i.e. networks that
>> have no Internet connection, only a private link to another private
>> network.
>>
>> My solution currently is to create a full mesh of tunnels between all
>> nodes, create IPsec transport encryption "underneath" each tunnel and
>> run OSPF on top to manage the routing.
>
> Are the private networks all in RFC1918 address space?  Are you
> coordinating RFC1918 addresses between networks?  If so, you can uniquely
> address the hosts .178.223 and .14.216 by their RFC1918 addresses,
> and no hacks are necessary.

Yes, and yes.  The problem is that the gateway machines are running
services for the outside (web server, DNS servers, etc) that inside
users need to access as well.


-- 
     aew
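The design quoted in the first message (a full mesh of GRE tunnels with IPsec transport mode underneath, OSPF on top) as an added configuration generator; this is not part of the thread or the poster's setup. It assumes NetBSD gre(4) and setkey(8) syntax, constructed RFC 5737 endpoint addresses, 10.255.0.0/16 for the tunnel /30s and consecutive gre interface numbering.

```shell
#!/bin/sh
# Added example, not from the thread: emit one gateway's share of a full mesh of
# gre(4) tunnels, each forced through IPsec transport mode by a setkey(8) policy.
# Public addresses are constructed (RFC 5737); gre numbering, the 10.255.0.0/16
# tunnel /30s and the 'require' level are assumptions, not the poster's config.

# gre_tunnel IFACE LOCAL_PUB PEER_PUB INNER_LOCAL INNER_PEER
gre_tunnel() {
    printf 'ifconfig %s create\n' "$1"
    printf 'ifconfig %s tunnel %s %s\n' "$1" "$2" "$3"
    printf 'ifconfig %s inet %s %s netmask 0xfffffffc up\n' "$1" "$4" "$5"
}

# ipsec_spd LOCAL_PUB PEER_PUB
# Policy for GRE (IP protocol 47, 'gre' in /etc/protocols) between the tunnel
# endpoints. 'require' matters: with 'use' a cleartext GRE packet arriving from
# the Internet would still be accepted and decapsulated into the private mesh.
ipsec_spd() {
    printf 'spdadd %s %s gre -P out ipsec esp/transport//require;\n' "$1" "$2"
    printf 'spdadd %s %s gre -P in ipsec esp/transport//require;\n' "$2" "$1"
}

# mesh_node MY_INDEX PUB_ADDR...
# Tunnel plus policy towards every other gateway (up to 16 nodes). Each
# unordered pair gets its own /30; the lower-indexed node takes .1.
mesh_node() {
    me=$1; shift
    i=0; n=0; my_pub=
    for a in "$@"; do
        i=$((i + 1))
        if [ "$i" -eq "$me" ]; then my_pub=$a; fi
    done
    i=0
    for peer in "$@"; do
        i=$((i + 1))
        if [ "$i" -eq "$me" ]; then continue; fi
        if [ "$me" -lt "$i" ]; then lo=$me; hi=$i; side=1; pside=2
        else lo=$i; hi=$me; side=2; pside=1; fi
        net=$(( ($lo - 1) * 16 + $hi ))   # distinct third octet per pair
        gre_tunnel "gre$n" "$my_pub" "$peer" "10.255.$net.$side" "10.255.$net.$pside"
        ipsec_spd "$my_pub" "$peer"
        n=$((n + 1))
    done
}

# Node 1 of a constructed three-gateway mesh; OSPF then runs over the gre
# interfaces as in the original design.
mesh_node 1 192.0.2.1 198.51.100.1 203.0.113.1
```

Running the same script with index 2 or 3 yields the matching far ends, so the /30s and policies agree across the mesh.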

