Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

PIX not routing VPN usr's traffic to remote network

Status
Not open for further replies.
mahonm2

mahonm2

IS-IT--Management
Aug 11, 2003
3
US
Hey guys, I'm running into difficulty trying to get the following scenario up and running:

I have a PIX 501 configured to allow VPN clients to access recources on our local network (192.168.5.0) using Cisco VPN client software. No problem..

The need has arisen to allow these VPN users to access a server located over a T1 to a remote network (192.168.13.0), which for some reason I can't get up and running. The Cisco Client on the user's PC only shows 192.168.5.0 as a secure route. How do I pass along the secure route to 192.168.13.0?

Here's my ACL and route config:

access-list nonat permit ip 192.168.5.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list nonat permit ip 192.168.13.0 255.255.255.0 192.168.3.0 255.255.255.0
nat (inside) 0 access-list nonat
route inside 192.168.13.0 255.255.255.0 192.168.5.3

I can ping devices on the 192.168.13.0 network from the PIX, so the routes are OK.


VPN Users (VPN Pool 192.168.3.0)
|
|
Internet
|
|
DSL Modem
|
|
PIX 501
|
|
Local network (192.168.5.0)
|
|
Cisco 1602 Router (192.168.5.3)
|
|
Remote Network (192.168.13.0)

Thanks,
Matt
 
Sort by date Sort by votes
On the 192.168.5.3 router... do you have a static route for the VPN pool pointing to the PIX?
 
Upvote 0 Downvote
Does the cisco 1602 have a route to 192.168.3.0, the route should point at the inside address on the PIX.

Depending on your network configuration ypu could do this we a default route on the 1602.

Either way, my guess is that the 1602 dosent know how to route back to the user.

 
Upvote 0 Downvote
Yes, the 192.168.5.3 router has a static route to 192.168.3.0 with the PIX internal address as the next hop. I can ping the VPN client OK from this device.

I also have a static route on the remote router(192.168.13.1) to 192.168.3.0 with the next hop as the WAN port on the 192.168.5.3 router. I cannot ping the VPN client from that device. Tracert shows the path to the 192.168.5.3 router, but then times out after that.

Thanks
 
Upvote 0 Downvote
Ok, the WAN link, is it numbered?

If so When you ping from that router on the 13.0 network your ping source address is that of the WAN port.

Can you try an extended ping from the 192.168.13.1 router, use that address as the source. Or try a ping from a device on the 192.168.13.0 subnet.

Is there a route on the 192.168.5.3 router to 192.168.13.0?
 
Upvote 0 Downvote
Do a "show ip route 192.168.3.0" on both 192.168.5.3 and 192.168.13.1 routers, do they have a route for it? Also, look at the FAQ for safe posting and try to post your configuration.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
294
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
309
Johnkite
Johnkite
intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
303
intel233
intel233
ciscokid1984
  • Locked
  • Question
Watchguard RDP from external network
Replies
1
Views
157
hairlessupportmonkey
hairlessupportmonkey
ISDPCMAN
  • Locked
  • Question
RDP fails over VPN
Replies
1
Views
128
gkittelson
gkittelson

Part and Inventory Search

Sponsor

Back
Top