08-25-2004 04:29 AM - edited 03-09-2019 08:35 AM
I can create a VPN tunnel from the VPN3002 to the VPN3030, but I am unable to access any resources. I am running Network Extension mode. I believe this is due to a routing issue; the internal network points to the PIX as the default gateway.
What is the Cisco-recommended, or the best, method to route the VPN3002 subnets back to the VPN3030?
08-25-2004 06:03 AM
You probably have a routing issue. You will need an inside router (nothing big, router-on-a-stick) to tell your 3002 subnet packets how to get back to the 3002 subnet once they get to the central site. Let's say your 3030 inside IP address is 10.0.10.100 and the 3002 private side network is 10.0.50.x. On the router you would enter ip route 10.0.50.0 255.255.255.0 10.0.10.100. The PIX as the default gateway is fine as well. If your PIX private IP address is 172.0.0.1 you would enter ip route 0.0.0.0 0.0.0.0 172.0.0.1 on the same inside router.
Hope this helps.
Please remember to rate all replies.
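The return-path check implied by the reply above, as an added example that is not part of the original thread: it parses the two `ip route` lines quoted in the reply and verifies that the 3002 subnet resolves to the 3030 rather than falling through to the default route. The function names are hypothetical; the addresses are the ones used in the reply.

```python
import ipaddress

def parse_static_routes(config):
    """Parse 'ip route <net> <mask> <next-hop>' lines into (network, next_hop) pairs."""
    routes = []
    for line in config.splitlines():
        f = line.split()
        if len(f) == 5 and f[:2] == ["ip", "route"]:
            # Convert the dotted mask to a prefix length by counting set bits.
            plen = bin(int(ipaddress.IPv4Address(f[3]))).count("1")
            routes.append((ipaddress.ip_network(f"{f[2]}/{plen}"), f[4]))
    return routes

def next_hop(routes, dst):
    """Longest-prefix match: next hop of the most specific route containing dst."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def missing_return_routes(routes, remote_subnets, concentrator):
    """List remote VPN subnets whose replies would not reach the concentrator."""
    missing = []
    for subnet in remote_subnets:
        net = ipaddress.ip_network(subnet)
        covering = [(r, hop) for r, hop in routes if net.subnet_of(r)]
        best = max(covering, key=lambda c: c[0].prefixlen)[1] if covering else None
        # A more specific route inside the subnet must not divert part of it.
        diverted = any(h != concentrator for r, h in routes if r.subnet_of(net))
        if best != concentrator or diverted:
            missing.append(subnet)
    return missing

# Constructed inputs using the addresses from the reply.
VPN3030 = "10.0.10.100"          # 3030 inside (private) address
REMOTE = ["10.0.50.0/24"]        # 3002 private-side network
BEFORE = "ip route 0.0.0.0 0.0.0.0 172.0.0.1"   # default to the PIX only
AFTER = BEFORE + "\nip route 10.0.50.0 255.255.255.0 10.0.10.100"

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        routes = parse_static_routes(cfg)
        print(name, "reply to 10.0.50.25 goes via", next_hop(routes, "10.0.50.25"),
              "| subnets without a return route:",
              missing_return_routes(routes, REMOTE, VPN3030))
```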
08-25-2004 08:30 AM
How about this configuration; my PIX has an extra 4-port module installed. Since the Inside E1 interface is the default gateway, can I send anything for VPN3002 Network 10.0.50.x out the E5 interface?
08-25-2004 05:39 PM
PIX Firewalls cannot do routing.
08-26-2004 03:59 AM
Can a VPN concentrator do routing? If I make the private interface of the concentrator the LAN default gateway, any address not for the VPN3002 clients gets routed to the PIX.
-OR-
If I put the VPN concentrator behind the PIX and do a pass-through for all ISAKMP, ESP, and AH, would that provide the necessary routing?