[Openswan Users] Cisco IP Redirect and L2TP
mlfreeswan at noci.xs4all.nl
Wed Dec 5 15:12:38 EST 2007
> > So maybe it is possible to define some kind of packethandling on the
> > openswan-box? the "no ip redirect" setting on the cisco is done for
> > security reasons and should not be disabled for always.
> What does "ip redirect" do? Does it alter other settings on the cisco?
Redirect means that a Cisco sends an ICMP packet back to tell the previous
hop at what MAC address the actual interface is if the interfaces are on the
EXTERNAL NET LAN
In this case when the modem has a Route for all internal addresses to
the CISCO. When the device in one case actually is OTHERDEV and the CISCO knows
that a part is behind the OTHERDEV, then the CISCO will send an ICMP REDIRECT
containing a reference to the intended target.
Without redirect no traffic will pass to OTHERDEV.
If the Router/Modem doesn't handle ICMP redirect you have a problem when on
the EXTERNAL NET.
This condition exists if the Router/Modem doesn't know about ICMP Redirects
[broken implementation]. It should act on them or issue a message that it is
unable to route upstream.
And the ROUTING on the Router/Modem is not configured to correctly address the
RFC 792, ICMP Type 5
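
The ICMP Redirect message (RFC 792, Type 5) referred to above, parsed in an added Python example that is not part of the original post. The sample packet and its addresses are constructed from documentation ranges, with 192.0.2.3 standing in for OTHERDEV and UDP port 1701 (L2TP) in the embedded datagram.

```python
import socket
import struct

REDIRECT_CODES = {0: "network", 1: "host", 2: "TOS and network", 3: "TOS and host"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; 0 over a message with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_icmp_redirect(icmp: bytes) -> dict:
    """Parse an ICMP message (outer IP header already stripped) as a Redirect."""
    if len(icmp) < 8 + 20:
        raise ValueError("too short for a redirect plus embedded IP header")
    icmp_type, code = icmp[0], icmp[1]
    if icmp_type != 5:
        raise ValueError("not an ICMP redirect (type %d)" % icmp_type)
    if code not in REDIRECT_CODES:
        raise ValueError("unknown redirect code %d" % code)
    if inet_checksum(icmp) != 0:
        raise ValueError("bad ICMP checksum")
    inner = icmp[8:]  # header of the datagram that triggered the redirect
    if inner[0] >> 4 != 4:
        raise ValueError("embedded header is not IPv4")
    return {
        "code": REDIRECT_CODES[code],
        "use_gateway": socket.inet_ntoa(icmp[4:8]),    # better next hop
        "original_src": socket.inet_ntoa(inner[12:16]),
        "original_dst": socket.inet_ntoa(inner[16:20]),  # the intended target
    }

def build_sample() -> bytes:
    """Constructed redirect: 'reach 198.51.100.5 via 192.0.2.3 instead'."""
    a = socket.inet_aton
    # Embedded IPv4 header (its own checksum left 0, not validated here)
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                        a("192.0.2.10"), a("198.51.100.5"))
    inner += struct.pack("!HHHH", 1701, 1701, 8, 0)  # first 8 bytes: UDP header
    msg = struct.pack("!BBH4s", 5, 1, 0, a("192.0.2.3")) + inner
    return msg[:2] + struct.pack("!H", inet_checksum(msg)) + msg[4:]

if __name__ == "__main__":
    print(parse_icmp_redirect(build_sample()))
```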