Re: Cisco 871: Allow connections between two different VPN subne

itlengineering · ‎01-20-2010

We have two Cisco 871 routers in different locations which are VPN'ed together using EzVPN Server and EzVPN Remote. They are set up as follows

*** Primary 871 ***

Subnet: 192.168.0.0

Role: EzVPN Server

*** Remote 871 ***

Subnet: 192.168.1.0

Role :EzVPN Remote

Because there is a VPN connection between these two routers, users on the 192.168.0 subnet can access the 192.168.1 subnet and vice versa without issue. However, we also have users out in the field who are using the Cisco VPN client on their machines to establish a VPN connection to the Primary 871. Once connected, these users receive a 192.168.9 IP address via DHCP, and have full access to the 192.168.0 subnet. However, these users are unable to access the 192.168.1 subnet. I'm guessing that this is a NAT and/or ACL problem, but I'm not quite sure which rules need to be in place on which router(s) in order for the 192.168.1 subnet and the 192.168.9 subnet to be able to communicate with one another.

If anyone could provide any insight/assistance on this matter, it would be much appreciated.

Best Regards,

Steven

Collin Clark · ‎01-20-2010

On the head end 871 you need to add the 192.168.1.0 network and 192.168.9.0 network in the NAT0 and the crypto ACL. In the remote router you will need the same thing.

itlengineering · ‎01-21-2010

Collin_Clark wrote:

On the head end 871 you need to add the 192.168.1.0 network and 192.168.9.0 network in the NAT0 and the crypto ACL. In the remote router you will need the same thing.

That's exactly what I was looking for! That worked without a hitch. Thanks for your help!

Best Regards,

Steven

Cisco 871: Allow connections between two different VPN subnets