I originally posted this over at the VPN forum, but did not receive much help so I am trying here.
Remote clinic - Cisco 831 router - 192.168.180.0 internal subnet
Local office - Cisco PIX firewall - 192.168.120.0, 192.168.140.0, 192.168.100.0, and 192.168.160.0 internal subnets
L2L IPSEC VPN tunnel works great, but the 192.168.180.0 users on the remote clinic can only communicate with the 192.168.100.0 subnet on the local site. All other traffic intended for the local site goes out the internet. It appears that the Crypto map is setup for the other subnets but it is not routing across the VPN.
Any help would appreciated.
Bulk of config for remote clinic below:
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key DELETED address 70.182.XX.XXX
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to70.182.XX.XXX
set peer 70.182.XX.XXX
set transform-set ESP-3DES-SHA ESP-3DES-SHA1 SA2 SA3
match address 102
!
!
!
interface Ethernet0
description $ETH-LAN$
ip address 192.168.180.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Ethernet1
description $ETH-WAN$
ip address 98.190.XX.XXX 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
crypto map SDM_CMAP_1
!
ip classless
ip route 0.0.0.0 0.0.0.0 98.190.XX.XXX permanent
ip http server
ip http authentication local
ip http secure-server
ip nat inside source route-map SDM_RMAP_1 interface Ethernet1 overload
!
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.180.0 0.0.0.255
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.180.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 100 permit ip 192.168.180.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 100 permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 101 remark SDM_ACL Category=2
access-list 101 remark IPSec Rule
access-list 101 deny ip 192.168.180.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 101 permit ip 192.168.180.0 0.0.0.255 any
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip 192.168.180.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 102 permit ip 192.168.180.0 0.0.0.255 172.16.0.0 0.0.0.255
access-list 102 permit ip 192.168.180.0 0.0.0.255 192.168.140.0 0.0.0.255
route-map SDM_RMAP_1 permit 1
match ip address 101
Remote clinic - Cisco 831 router - 192.168.180.0 internal subnet
Local office - Cisco PIX firewall - 192.168.120.0, 192.168.140.0, 192.168.100.0, and 192.168.160.0 internal subnets
L2L IPSEC VPN tunnel works great, but the 192.168.180.0 users on the remote clinic can only communicate with the 192.168.100.0 subnet on the local site. All other traffic intended for the local site goes out the internet. It appears that the Crypto map is setup for the other subnets but it is not routing across the VPN.
Any help would appreciated.
Bulk of config for remote clinic below:
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key DELETED address 70.182.XX.XXX
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to70.182.XX.XXX
set peer 70.182.XX.XXX
set transform-set ESP-3DES-SHA ESP-3DES-SHA1 SA2 SA3
match address 102
!
!
!
interface Ethernet0
description $ETH-LAN$
ip address 192.168.180.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Ethernet1
description $ETH-WAN$
ip address 98.190.XX.XXX 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
crypto map SDM_CMAP_1
!
ip classless
ip route 0.0.0.0 0.0.0.0 98.190.XX.XXX permanent
ip http server
ip http authentication local
ip http secure-server
ip nat inside source route-map SDM_RMAP_1 interface Ethernet1 overload
!
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.180.0 0.0.0.255
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.180.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 100 permit ip 192.168.180.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 100 permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 101 remark SDM_ACL Category=2
access-list 101 remark IPSec Rule
access-list 101 deny ip 192.168.180.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 101 permit ip 192.168.180.0 0.0.0.255 any
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip 192.168.180.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 102 permit ip 192.168.180.0 0.0.0.255 172.16.0.0 0.0.0.255
access-list 102 permit ip 192.168.180.0 0.0.0.255 192.168.140.0 0.0.0.255
route-map SDM_RMAP_1 permit 1
match ip address 101