routing to and from Verizon vpn for IOT sensors

sscarcella
Level 1

I have an old pix515e with inside interface 192.168.1.230 / 255.255.255.0, DMZ interface 10.10.20.1 / 255.255.255.248 and outside interface.

Behind this pix there is a 1921 router with interface 0/0: 10.10.20.2 / 255.255.255.248, interface 0/1: 192.168.1.253 / 255.255.255.0.  On this router there are also 2 tunnels to a Verizon VPN.  Tunnel0: 10.10.10.2 / 255.255.255.252, Tunnel1: 10.10.10.6 / 255.255.255.252.

Now I didn't configure the 1921 router, Verizon did. Somehow there are devices on this Verizon VPN with network 10.10.0.0 / 255.255.254.0 and I need them to communicate with the 192.168.1.0 network as well as go out to the internet and have traffic come back in from the internet over SSL on port 3199.

I am able to ping back and forth from 192.168.1.0 network to both the router interfaces but I cannot get traffic from the tunnels...

I do not know any command line commands; I am only using the PIX Device Manager and the Router CCP.

Can anyone help me?

I am able to print the config files for both PIX and router, but I am not sure what I need to hide, if anything.

2 Replies

mickyq
Level 1

It depends what is on the other end of the Verizon VPN. Who manages the VPN?

It looks like the 10.10.0.0/23 is sub-netted down with two Class C subnets, 10.10.10.2/29 and 10.10.10.6/29.

It's possible the ACLs need the 10.10.0.0/23 subnet adding to the interesting traffic so it uses the VPN tunnel.

As for ping, if you are on the 192.168.1.0/24 subnet you would be able to ping the local interface ip addresses of the subnets as they will be locally configured and the router will see them as attached.

If you want to show your config, you should hide any external addresses, user names and passwords, but I think you should be looking at the VPN config.

Thanks for the response. I will attach the config files for PIX and router. I have taken out all the NATs and ACLs and static routes I have tried, since none of it worked...

Thanks for your help!
