Hi
I have a VPN created between two Netscreen 5GT firewalls. Out of interest, I performed some traceroutes between clients on the private networks on either side of the VPN tunnel. I was expecting to get output identical to what I would have received if the destination IP was on a different subnet divided by a local router, as below:
Local IP --> Local Internal Gateway --> Destination IP
I am however getting the following:
Local IP --> Local Internal Gateway --> Public Interface of Remote Firewall --> Destination IP
The details of the output are below:
C:\Documents and Settings\administrator>ipconfig

Windows IP Configuration

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . : home.local
        IP Address. . . . . . . . . . . . : 10.100.100.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.100.100.1

C:\Documents and Settings\administrator>tracert 192.168.1.14

Tracing route to 192.168.1.14 over a maximum of 30 hops

  1    13 ms     6 ms     7 ms  10.100.100.1
  2    46 ms    46 ms    46 ms  x.x.233.220.exetel.com.au [220.233.x.x]
  3    47 ms    43 ms    47 ms  192.168.1.14

Trace complete.
Can anyone tell me why this is? I was under the assumption that the VPN encapsulation of the ICMP traffic would make it oblivious to any of the public internet routing occurring, and that it would not see the public IP of the remote firewall, as it would not be until it was inside the firewall that it would be unencapsulated. This also makes me think that possibly the traffic is not being fully encrypted throughout its entire travel.
Thanks
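The trace above is a question about how TTL is handled across an IPsec tunnel-mode VPN. As an added illustration, not part of the original post, the Python simulation below models the hop-by-hop TTL handling: the local gateway decrements the cleartext TTL and then wraps the packet in a fresh outer header, the Internet transit routers only ever see (and decrement) that outer header, and the remote gateway decapsulates and decrements the inner TTL again, so it is the first device after the local gateway that can answer with an ICMP Time Exceeded. The topology, the addresses (documentation ranges, since the real ones are masked in the post), the outer TTL of 64 and the choice that the remote gateway sources its ICMP reply from its public interface are all modelling assumptions, chosen to reproduce the shape of the poster's output; `traceroute(..., tunnel=False)` runs the same path without encapsulation for comparison.

```python
"""Simulated IPv4 TTL handling across an IPsec tunnel-mode VPN, to show why a
traceroute between two private LANs lists the remote gateway's public address
but none of the Internet routers between the two gateways."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, Optional

# Constructed topology using documentation address ranges (assumption; the
# poster's real public addresses are masked in the post).
LOCAL_CLIENT = "10.100.100.100"
LOCAL_GW_LAN = "10.100.100.1"
LOCAL_GW_PUBLIC = "198.51.100.1"
REMOTE_GW_PUBLIC = "203.0.113.2"
REMOTE_HOST = "192.168.1.14"
TRANSIT = ["203.0.113.100", "203.0.113.101", "203.0.113.102"]  # ISP routers
OUTER_TTL = 64  # fresh TTL the gateway puts on the outer (ESP) header (assumed)
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Packet:
    src: str
    dst: str
    ttl: int
    inner: Optional["Packet"] = None  # set while the packet is ESP-encapsulated


def expired(pkt: Packet) -> bool:
    """Decrement TTL as a forwarding router would; True if it hit zero."""
    pkt.ttl -= 1
    return pkt.ttl == 0


# Each hop takes a packet and returns (icmp_reply_source, forwarded_packet).
Hop = Callable[[Packet], tuple]


def local_gateway(pkt: Packet, tunnel: bool):
    if expired(pkt):
        return LOCAL_GW_LAN, None
    if not tunnel:
        return None, pkt  # plain routing: the cleartext header goes onto the Internet
    # Tunnel mode: the cleartext packet becomes the payload of a new outer packet.
    return None, Packet(LOCAL_GW_PUBLIC, REMOTE_GW_PUBLIC, OUTER_TTL, inner=pkt)


def transit_router(addr: str) -> Hop:
    def hop(pkt: Packet):
        # Only the outermost header is visible here; an encapsulated inner TTL
        # is encrypted and untouched, and the outer TTL of 64 never reaches 0.
        if expired(pkt):
            return addr, None
        return None, pkt
    return hop


def remote_gateway(pkt: Packet):
    pkt = pkt.inner or pkt  # decapsulate if this arrived through the tunnel
    if expired(pkt):
        # Time Exceeded is sourced from the interface the reply leaves on. The
        # poster's trace shows the firewall's public interface, so that is the
        # modelling choice used here.
        return REMOTE_GW_PUBLIC, None
    return None, pkt


def remote_host(pkt: Packet):
    return REMOTE_HOST, None  # echo reply, ending the trace


def traceroute(dst: str, tunnel: bool = True, max_hops: int = 30) -> list:
    """Return the list of addresses that answered, one per TTL, like tracert."""
    path = [lambda p: local_gateway(p, tunnel)]
    path += [transit_router(a) for a in TRANSIT]
    path += [remote_gateway, remote_host]
    hops = []
    for ttl in range(1, max_hops + 1):
        pkt = Packet(LOCAL_CLIENT, dst, ttl)
        for hop in path:
            reply, pkt = hop(pkt)
            if reply is not None:
                hops.append(reply)
                break
        if hops and hops[-1] == dst:
            break
    return hops


def public_hops(hops: list) -> list:
    """Addresses in the trace that are outside RFC 1918 private space."""
    return [h for h in hops if not any(ip_address(h) in n for n in RFC1918)]


def transit_exposed(hops: list) -> bool:
    """True if any Internet transit router answered, i.e. the cleartext TTL
    was visible to it; with working encapsulation this stays False."""
    return any(h in TRANSIT for h in hops)


if __name__ == "__main__":
    print("via VPN  :", traceroute(REMOTE_HOST))
    print("no tunnel:", traceroute(REMOTE_HOST, tunnel=False))
```

With the tunnel enabled the simulated trace has the same three-hop shape as the poster's output (local gateway, remote gateway's public address, destination) and `transit_exposed` is False: the only device that ever handled the cleartext TTL between the two LANs is the remote VPN gateway. Disabling the tunnel makes every transit router appear, which is the signature to look for if encapsulation were actually missing.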