First, my apologies for the subject; that's the best I could describe it. So here is my setup using fake IP addresses.
HLAN inside net 1.1.1.0/24
PIX1 inside 1.1.1.30
PIX1 outside 66.1.1.1
Router1 inside 1.1.1.254
Router1 outside 1.0.1.1
RLAN1 connected via ptp T1 inside net 3.3.3.0/24
Router2 outside 1.0.1.2
Router2 inside 3.3.3.1
RLAN2 connected via VPN inside net 4.4.4.0/24
PIX2 inside 4.4.4.1
PIX2 outside 68.1.1.1
So the VPN tunnel from HLAN to RLAN2 works fine; what I am hoping to accomplish is for devices on RLAN1 to be able to talk to devices on RLAN2.
I can ping from inside RLAN2 to inside HLAN.
I can ping from PIX1 (using the ping command on the device itself) to inside RLAN2. To get this to work, I put in a static route to 3.3.3.0 using 1.1.1.254 as the gateway. Router1 has a route to 3.3.3.0 on it already.
I tried adding routes to PIX2 and also tried adding 3.3.3.0 to the access-lists for crypto and nonat but no luck.
Could someone point me in the right direction?
Here is what I have for questions.
Do I need a new access-list for the traffic to 3.3.3.0?
Do I need a route for the traffic to 3.3.3.0 on PIX2 and/or PIX1?
Would the route on PIX2 be on the inside or outside interface?
Would the route on PIX2 use the inside interface of PIX1 as the default gateway, or the inside of Router1?
Thanks in advance!
Leon