07-12-2005 04:31 AM - edited 03-02-2019 11:21 PM
routing problem
My setup
L3 (10.2.1.1) -> 2600 router (10.2.1.50) -> pix#1 506 (10.2.1.179) for internet, or -> pix#2 506 (10.2.1.35), which is used for the VPN to remote site 10.3.0.0
My problem is that I have 10 to 12 VLANs. The default vlan1 (10.2.0.0) has VPN connectivity to the remote site and it's working fine.
I want my vlan12 (10.4.4.96/27) to access the remote site 10.3.0.0. I have done most of the PIX work. I have done some policy-based routing on my router, which redirects the traffic to 10.2.1.35.
This is my router config; I have applied the route-map to FastEthernet 0/0.
my router config
----------------
ip route 0.0.0.0 0.0.0.0 10.2.1.35
ip route 10.1.1.0 255.255.255.0 10.2.1.35
ip route 10.3.0.0 255.255.0.0 10.2.1.35
ip route 10.4.4.0 255.255.255.0 10.2.1.1
ip route 10.4.10.0 255.255.255.0 10.2.1.1
ip route 10.4.11.0 255.255.255.0 10.2.1.1
ip route 10.232.0.0 255.255.0.0 10.2.1.35
ip route 192.168.100.0 255.255.255.0 10.2.1.1
no ip http server
ip pim bidir-enable
!
logging trap notifications
logging 10.2.1.21
access-list 101 permit tcp any any
access-list 101 permit icmp any any
access-list 101 permit udp any any
access-list 110 permit ip host 10.50.0.1 host 10.50.0.2
access-list 110 permit ip host 10.2.1.50 host 10.50.0.2
access-list 150 permit ip 10.4.5.0 0.0.0.255 any
access-list 150 permit ip 10.4.7.0 0.0.0.255 any
access-list 150 permit ip 10.2.0.0 0.0.255.255 any
access-list 150 permit ip 192.168.100.0 0.0.0.255 any
access-list 150 permit ip 10.4.4.0 0.0.0.63 any
access-list 150 permit ip 10.4.4.128 0.0.0.127 any
access-list 160 permit ip 10.4.4.96 0.0.0.31 any
route-map pvc permit 10
match ip address 150
set ip next-hop 10.2.1.179
!
route-map pvc permit 20
match ip address 160
set ip next-hop 10.2.1.35
How do I go about this, or what needs to be done?
Ramp
07-12-2005 05:55 AM
Your requirement is
1. I want my vlan12 (10.4.4.96/27) to access the remote site 10.3.0.0.
Ans: You already have a static route to the remote site 10.3.0.0 with next-hop 10.2.1.35, so you do not need PBR for this remote site, and even the default route is towards PIX2.
Now all you need to check is:
1. Configure the VPN on PIX2.
2. When the tunnel is up, try to ping and traceroute from the 10.4.4.96/27 subnet to the remote subnet 10.3.0.0 to verify the path.
If you still have some issues, let me know and I will help you in fixing it.
thanks,
Naveen V
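Added example (not part of either post): a small Python model of the posted `route-map pvc`, access-lists 150 and 160 and the static routes, showing which next hop a packet arriving on the policy-routed interface would be given, with and without sequence 20. It models only the lines shown in the question; connected routes and anything not posted are left out, and the sample addresses and function names are constructed for illustration.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def acl_match(entries, src):
    """True if src matches any 'permit ip <base> <wildcard> any' entry."""
    # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
    return any(((ip(src) ^ ip(base)) & ~ip(wild) & 0xFFFFFFFF) == 0
               for base, wild in entries)

# Source/wildcard pairs copied from access-lists 150 and 160 in the post.
ACL = {
    150: [("10.4.5.0", "0.0.0.255"), ("10.4.7.0", "0.0.0.255"),
          ("10.2.0.0", "0.0.255.255"), ("192.168.100.0", "0.0.0.255"),
          ("10.4.4.0", "0.0.0.63"), ("10.4.4.128", "0.0.0.127")],
    160: [("10.4.4.96", "0.0.0.31")],
}
# route-map pvc as posted: (sequence, ACL number, set ip next-hop)
ROUTE_MAP = [(10, 150, "10.2.1.179"), (20, 160, "10.2.1.35")]
# Static routes as posted.
STATIC = {ipaddress.ip_network(p): hop for p, hop in [
    ("0.0.0.0/0", "10.2.1.35"), ("10.1.1.0/24", "10.2.1.35"),
    ("10.3.0.0/16", "10.2.1.35"), ("10.4.4.0/24", "10.2.1.1"),
    ("10.4.10.0/24", "10.2.1.1"), ("10.4.11.0/24", "10.2.1.1"),
    ("10.232.0.0/16", "10.2.1.35"), ("192.168.100.0/24", "10.2.1.1")]}

def next_hop(src, dst, route_map=ROUTE_MAP):
    """Return (next hop, reason) for a packet hitting the policy-routed interface."""
    for seq, acl, hop in route_map:          # first matching sequence wins
        if acl_match(ACL[acl], src):
            return hop, f"route-map seq {seq}"
    # No route-map match: normal destination routing, longest prefix first.
    best = max((n for n in STATIC if ipaddress.ip_address(dst) in n),
               key=lambda n: n.prefixlen)
    return STATIC[best], f"static {best}"

if __name__ == "__main__":
    remote = "10.3.0.5"                      # constructed host at the remote site
    for src in ("10.4.4.100", "10.4.4.70", "10.4.5.20"):  # constructed sources
        print(src, "->", next_hop(src, remote))
    # Same vlan12 host with sequence 20 removed from the route-map:
    print("10.4.4.100 (no seq 20) ->", next_hop("10.4.4.100", remote, ROUTE_MAP[:1]))
```

Because access-list 150 does not cover 10.4.4.64 through 10.4.4.127, a vlan12 source falls through sequence 10 either way; with sequence 20 removed it reaches 10.2.1.35 through the static route for 10.3.0.0/16, as the reply states.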