[vpn-help] Can IPSEC packets be routed sequentially through two different VPNs?

Bob Simon bsimon at att.net
Fri Oct 9 11:55:41 CDT 2015

I use the ShrewSoft VPN Client to temporarily set up a remote IPSEC VPN from my laptop at home to the office RV120 VPN Firewall.  Another permanent site-to-site IPSEC VPN is set up between the RV120 and a customer's site.  I can RDP from my laptop at home to my office computer, then from there I can RDP to the customer's server.  However, I cannot RDP from home to the customer's server. 

I logged into the customers Checkpoint firewall and ran a "fw monitor" trace.  This showed the progression of packets from the outside interface to the firewall’s kernel and from the kernel to the inside interface when pinging from the office.  No packets were received when I did the ping from my home.  In my laptop, I added a route statement to the customer's private network with the next hop set to the LAN address of the RV120 but this did not help so I wonder if this was the appropriate next hop.

In general, is it possible to route packets through two VPNs in series?  If not, why not?  If so, can you suggest what I need to do to make this work?

Bob Simon

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20151009/6922c18d/attachment.html>

More information about the vpn-help mailing list