
PIX routing over vpn tunnel from remote LAN to LAN outside of host LAN

Status
Not open for further replies.

slyride

MIS
Feb 6, 2003
50
0
0
CO
First, my apologies for the subject; that's the best I could describe it. So here is my setup, using fake IP addresses.

HLAN inside net 1.1.1.0/24
PIX1 inside 1.1.1.30
PIX1 outside 66.1.1.1
Router1 inside 1.1.1.254
Router1 outside 1.0.1.1

RLAN1 connected via ptp T1 inside net 3.3.3.0/24
Router2 outside 1.0.1.2
Router2 inside 3.3.3.1

RLAN2 connected via VPN inside net 4.4.4.0/24
PIX2 inside 4.4.4.1
PIX2 outside 68.1.1.1

So the VPN tunnel from HLAN to RLAN2 works fine; what I am hoping to accomplish is for devices on RLAN1 to be able to talk to devices on RLAN2.

I can ping from inside RLAN2 to inside HLAN
I can ping from PIX1 (using the ping command on the device itself) to inside RLAN2. To get this to work, I put in a static route to 3.3.3.0 using 1.1.1.254 as the gateway. Router1 has route to 3.3.3.0 on it already.

I tried adding routes to PIX2 and also tried adding 3.3.3.0 to the access-lists for crypto and nonat but no luck.

Could someone point me in the right direction?

Here is what I have for questions.
Do I need a new access-list for the traffic to 3.3.3.0?
Do I need a route for the traffic to 3.3.3.0 on PIX2 and/or PIX1?
Would the route on PIX2 be on the inside or outside interface?
Would the route on PIX2 use the inside interface of PIX1 as the default gateway, or the inside of Router1?

Thanks in advance!
Leon
 
So my inexperience was shining here for sure. I had a beer, went back, did some reading, and looked at some sample configs. Turns out I just had one of my crypto map access-list entries backwards. The solution ended up being this.

To the existing config I added these lines on PIX1:
access-list no_nat permit ip 3.3.3.0 255.255.255.0 4.4.4.0 255.255.255.0
access-list crypto1 permit ip 3.3.3.0 255.255.255.0 4.4.4.0 255.255.255.0

To the existing config I added these lines on PIX2:
access-list crypto1 permit ip 4.4.4.0 255.255.255.0 3.3.3.0 255.255.255.0
access-list no_nat permit ip 4.4.4.0 255.255.255.0 3.3.3.0 255.255.255.0
access-list outside_access_in permit ip 3.3.3.0 255.255.255.0 any
access-list outside_access_in permit tcp 3.3.3.0 255.255.255.0 any

So there it is. Cheers!
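The mistake described above (a crypto map ACL entry with source and destination swapped on one peer) is easy to catch before pushing a config: the crypto ACL on each PIX must be the exact mirror image of the peer's, or ISAKMP/IPsec negotiation fails on a proxy-identity mismatch for that traffic pair. The script below is an added example, not code from the post or from Cisco; it parses `access-list` lines in the PIX 6.x format shown above, reports crypto entries that have no mirror on the other peer, and flags ACL entries that are shadowed by an earlier entry (PIX evaluates an ACL top-down, first match wins, so the `permit tcp 3.3.3.0 ... any` line on PIX2 can never match once `permit ip 3.3.3.0 ... any` precedes it). The config snippets are constructed from the lines in the post; the 1.1.1.0/24 entries and the "backwards" PIX1 entry are assumptions made to illustrate the working and the broken state.

```python
"""Mirror-check IPsec crypto ACLs and find shadowed ACL entries on two PIX peers.

Added example built around the post's 3.3.3.0/24 <-> 4.4.4.0/24 entries; not from any real device.
Only the 'access-list NAME permit|deny PROTO SRC DST' form is handled; port qualifiers are ignored.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Ace:
    acl: str
    action: str
    proto: str
    src: str  # "network/mask" or "any"
    dst: str


def _endpoint(tokens, i):
    """Read one address specifier starting at tokens[i]; return (spec, next_index)."""
    if tokens[i] == "any":
        return "any", i + 1
    if tokens[i] == "host":
        return f"{tokens[i + 1]}/255.255.255.255", i + 2
    return f"{tokens[i]}/{tokens[i + 1]}", i + 2


def parse_acl(config_text):
    """Parse access-list lines from a PIX config fragment; malformed lines are skipped."""
    aces = []
    for line in config_text.splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list":
            continue
        try:
            src, i = _endpoint(t, 4)
            dst, _ = _endpoint(t, i)
        except IndexError:
            continue
        aces.append(Ace(t[1], t[2], t[3], src, dst))
    return aces


def unmirrored(local, remote, acl_name):
    """Permit entries of acl_name on 'local' with no src/dst-swapped permit on 'remote'."""
    remote_keys = {(a.proto, a.src, a.dst) for a in remote
                   if a.acl == acl_name and a.action == "permit"}
    return [a for a in local if a.acl == acl_name and a.action == "permit"
            and (a.proto, a.dst, a.src) not in remote_keys]


def shadowed(aces, acl_name):
    """Entries of acl_name that can never match because an earlier entry covers them.

    An earlier entry with the same addresses and either the same protocol or
    'ip' (which covers every protocol) hides the later one, whatever its action.
    """
    seen, out = [], []
    for a in (x for x in aces if x.acl == acl_name):
        if any(s.src == a.src and s.dst == a.dst and s.proto in ("ip", a.proto) for s in seen):
            out.append(a)
        seen.append(a)
    return out


# Constructed config fragments (assumed; the 1.1.1.0/24 lines represent the
# pre-existing HLAN <-> RLAN2 tunnel the post says was already working).
PIX1_BACKWARDS = """\
access-list no_nat permit ip 1.1.1.0 255.255.255.0 4.4.4.0 255.255.255.0
access-list crypto1 permit ip 1.1.1.0 255.255.255.0 4.4.4.0 255.255.255.0
access-list crypto1 permit ip 4.4.4.0 255.255.255.0 3.3.3.0 255.255.255.0
"""

PIX1_FIXED = """\
access-list no_nat permit ip 1.1.1.0 255.255.255.0 4.4.4.0 255.255.255.0
access-list no_nat permit ip 3.3.3.0 255.255.255.0 4.4.4.0 255.255.255.0
access-list crypto1 permit ip 1.1.1.0 255.255.255.0 4.4.4.0 255.255.255.0
access-list crypto1 permit ip 3.3.3.0 255.255.255.0 4.4.4.0 255.255.255.0
"""

PIX2 = """\
access-list crypto1 permit ip 4.4.4.0 255.255.255.0 1.1.1.0 255.255.255.0
access-list crypto1 permit ip 4.4.4.0 255.255.255.0 3.3.3.0 255.255.255.0
access-list no_nat permit ip 4.4.4.0 255.255.255.0 1.1.1.0 255.255.255.0
access-list no_nat permit ip 4.4.4.0 255.255.255.0 3.3.3.0 255.255.255.0
access-list outside_access_in permit ip 3.3.3.0 255.255.255.0 any
access-list outside_access_in permit tcp 3.3.3.0 255.255.255.0 any
"""


def audit(pix1_text, pix2_text):
    """Run the mirror check in both directions plus the shadow check on PIX2's inbound ACL."""
    p1, p2 = parse_acl(pix1_text), parse_acl(pix2_text)
    return {
        "crypto_unmirrored_on_pix2": unmirrored(p1, p2, "crypto1"),
        "crypto_unmirrored_on_pix1": unmirrored(p2, p1, "crypto1"),
        "shadowed_outside_access_in": shadowed(p2, "outside_access_in"),
    }


if __name__ == "__main__":
    for label, text in (("backwards", PIX1_BACKWARDS), ("fixed", PIX1_FIXED)):
        print(f"== PIX1 {label} ==")
        for check, hits in audit(text, PIX2).items():
            print(f"  {check}: {[f'{a.proto} {a.src} -> {a.dst}' for a in hits]}")
```

With the backwards PIX1 the audit reports one unmirrored crypto entry on each side; with the fixed PIX1 both crypto lists mirror cleanly, and the only finding left is the redundant `permit tcp` line on PIX2, which can be removed without changing what the ACL allows.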
 