Re: VPN3002 connecting to VPN3030 Concentrator

robert.l.jones · ‎08-25-2004

I can create a VPN tunnel from the VPN3002 to the VPN3030, but unable to access any resources. I am running Network extension mode. I beleive this is due to a routing issue, the internal network points to the PIX as the default gateway.

What is the Cisco recommended, or the best method to route the VPN3002 subnets back to the VPN3030.

travis-dennis_2 · ‎08-25-2004

You probably have a routing issue. You will need an inside router (nothing big, router-on-a-stick) to tell your 3002 subnet packets how to get back to the 3002 subnet once they get to the central site. Let's say your 3030 inside IP address is 10.0.10.100 and the 3002 private side network is 10.0.50.x. On the router you would enter ip route 10.0.50.0 255.255.255.0 10.0.10.100. The PIX as the default gateway is fine as well. If your PIX private ip address is 172.0.0.1 you would enter ip route 0.0.0.0 0.0.0.0 172.0.0.1 on the same inside router.

Hope this helps.

Please remember to rate all replies.

robert.l.jones · ‎08-25-2004

How about this configuration; my PIX has an extra 4-port module installed. Since the Inside E1 interface is the default gateway, can I send anything for VPN3002 Network 10.0.50.x out the E5 interface?

travis-dennis_2 · ‎08-25-2004

PIX Firewalls cannot do routing

robert.l.jones · ‎08-26-2004

Can a VPN concentrator do routing? If I make the private interface of the concentrator the LAN default gateway, and any address not for the VPN3002 clients get routed to the PIX.

-OR-

If I put the VPN concentrator behind the PIX, and do a pass thru for all ISAKMP, ESP, and AH. Would that provide the necessary routing?