
routing problem

pillairamesh

My setup

L3 (10.2.1.1) -> 2600 router (10.2.1.50) -> PIX #1 506 (10.2.1.179) for internet, or -> PIX #2 506 (10.2.1.35), which is used for the VPN to remote site 10.3.0.0

My problem is that I have 10 to 12 VLANs. The default VLAN1 (10.2.0.0) has VPN connectivity to the remote site and it's working fine.

I want my VLAN12 (10.4.4.96/27) to access the remote site 10.3.0.0. I have done most of the PIX work. I have done some policy-based routing on my router, which redirects the traffic to 10.2.1.35.

This is my router config; I have applied the route-map to FastEthernet 0/0.

my router config

----------------

ip route 0.0.0.0 0.0.0.0 10.2.1.35

ip route 10.1.1.0 255.255.255.0 10.2.1.35

ip route 10.3.0.0 255.255.0.0 10.2.1.35

ip route 10.4.4.0 255.255.255.0 10.2.1.1

ip route 10.4.10.0 255.255.255.0 10.2.1.1

ip route 10.4.11.0 255.255.255.0 10.2.1.1

ip route 10.232.0.0 255.255.0.0 10.2.1.35

ip route 192.168.100.0 255.255.255.0 10.2.1.1

no ip http server

ip pim bidir-enable

!

logging trap notifications

logging 10.2.1.21

access-list 101 permit tcp any any

access-list 101 permit icmp any any

access-list 101 permit udp any any

access-list 110 permit ip host 10.50.0.1 host 10.50.0.2

access-list 110 permit ip host 10.2.1.50 host 10.50.0.2

access-list 150 permit ip 10.4.5.0 0.0.0.255 any

access-list 150 permit ip 10.4.7.0 0.0.0.255 any

access-list 150 permit ip 10.2.0.0 0.0.255.255 any

access-list 150 permit ip 192.168.100.0 0.0.0.255 any

access-list 150 permit ip 10.4.4.0 0.0.0.63 any

access-list 150 permit ip 10.4.4.128 0.0.0.127 any

access-list 160 permit ip 10.4.4.96 0.0.0.31 any

route-map pvc permit 10

match ip address 150

set ip next-hop 10.2.1.179

!

route-map pvc permit 20

match ip address 160

set ip next-hop 10.2.1.35

How do I go about this, or what needs to be done?

Ramp

1 Reply

Your requirement is

1. I want my vlan12 (10.4.4.96/27) to access the remote site 10.3.0.0.

Ans: You already have a static route to the remote site 10.3.0.0 with next hop 10.2.1.35, so you do not need PBR for this remote site, and even the default route is towards PIX2.

Now all you need to check is:

1. Configure the VPN on PIX2.

2. When the tunnel is up, try to ping and traceroute from the 10.4.4.96/27 subnet to the remote subnet 10.3.0.0 to verify the path.

If you still have some issues, let me know and I will help you in fixing it.

thanks,

Naveen V
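
To check the expected path before running ping and traceroute, the following added example (not part of either post) evaluates the posted route-map pvc and static routes for a given source and destination. It assumes the route-map is applied inbound on the interface the packet arrives on, that connected routes can be ignored, and it uses constructed host addresses (10.4.4.100, 10.4.4.70, 10.2.5.5, 10.3.0.10).

```python
import ipaddress

# (base, wildcard) source entries copied from the posted access-lists 150 and 160.
ACLS = {
    150: [("10.4.5.0", "0.0.0.255"), ("10.4.7.0", "0.0.0.255"),
          ("10.2.0.0", "0.0.255.255"), ("192.168.100.0", "0.0.0.255"),
          ("10.4.4.0", "0.0.0.63"), ("10.4.4.128", "0.0.0.127")],
    160: [("10.4.4.96", "0.0.0.31")],
}
# route-map pvc as posted: (sequence, matched ACL, set ip next-hop).
ROUTE_MAP = [(10, 150, "10.2.1.179"), (20, 160, "10.2.1.35")]
# Static routes as posted; connected routes are not modelled (assumption).
STATIC = [("0.0.0.0/0", "10.2.1.35"), ("10.1.1.0/24", "10.2.1.35"),
          ("10.3.0.0/16", "10.2.1.35"), ("10.4.4.0/24", "10.2.1.1"),
          ("10.4.10.0/24", "10.2.1.1"), ("10.4.11.0/24", "10.2.1.1"),
          ("10.232.0.0/16", "10.2.1.35"), ("192.168.100.0/24", "10.2.1.1")]


def _ip(addr):
    return int(ipaddress.IPv4Address(addr))


def acl_permits(acl, src):
    """True if src matches a permit entry; wildcard bits set to 1 are ignored."""
    return any(((_ip(src) ^ _ip(base)) & ~_ip(wild) & 0xFFFFFFFF) == 0
               for base, wild in ACLS[acl])  # no match means implicit deny


def next_hop(src, dst):
    """Return (next hop, reason): route-map first, then longest-prefix static."""
    for seq, acl, hop in ROUTE_MAP:
        if acl_permits(acl, src):
            return hop, f"route-map pvc {seq}"
    # No route-map clause matched: the packet is routed by the normal table.
    dest = ipaddress.IPv4Address(dst)
    routes = [(ipaddress.ip_network(p), h) for p, h in STATIC]
    net, hop = max((r for r in routes if dest in r[0]),
                   key=lambda r: r[0].prefixlen)
    return hop, f"static {net}"


if __name__ == "__main__":
    # Constructed sample sources, all sending to a host in the remote site.
    for src in ("10.4.4.100", "10.4.4.70", "10.2.5.5"):
        print(src, "->", next_hop(src, "10.3.0.10"))
```

A source that matches access-list 150 is sent to 10.2.1.179 regardless of destination, so the order of the route-map clauses decides which PIX a packet reaches.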
