How to reach a second net through vpn......

lgeertsen · ‎01-06-2003

I have conf. a cisco 1721 and a WatchGuard firewall. The tunnel between the two sites works fine. But on the cisco site I have another remote net which I want to reach over my vpn. On the cisco site I added an other access-list allowing the net on the other site of the vpn to access the remote net on the cisco site.

access-list permit ip 192.40.200.0 0.0.0.255 192.168.77.0 0.0.0.255 (works)

access-list permit ip 192.40.211.0 0.0.0.255 192.168.77.0 0.0.0.255 (is this

acces-list wrong or just not enough on the cisco site to get it working ??????

lars

jfrahim · ‎01-06-2003

Hi Lars,

All you need to do is to add another entry in your existing Encryption ACL

For example, if you had:

access-list 100 permit ip 192.40.200.0 0.0.0.255 192.168.77.0 0.0.0.255

to encrypt the traffic, then all you need to do is add:

access-list 100 permit ip 192.40.211.0 0.0.0.255 192.168.77.0 0.0.0.255

That's all on the Cisco side.

Make sure that Watchguard supports having multiple SA ( or multiple subnets ) going to a specific peer. I think there are many different vendors who only support one subnet per peer for the IPSec connections

Hope that helps

Jazib