Re: secondary subnet trough PIX-PIX VPN tunnel

kurt · ‎12-14-2005

I have a well function IPSEC tunnel betwen to PIX 501. Now I need to route a secondary subnet trough the tunnel. In site A, I have IP address 10.10.10.0/24, site B 10.10.11.0/24 and behinde a router 192.168.1.0/24. It is possible?

michelcaissie · ‎12-14-2005

In PIX A you will have to add a line in your nonat acl and crypto acl

permit ip 10.10.10.0 255.255.255.0 192.168.1.0 255.255.255.0

Same thing in PIX B

permit ip 192.168.1.0 255.255.255.0 10.10.10.0 255.255.255.0

and in PIX B you need to add a route for the 192.168.1.0 subnet.

route inside 192.168.1.0 255.255.255.0 10.10.11.x

where 10.10.11.x is the IP address of the router

secondary subnet trough PIX-PIX VPN tunnel

Cisco NGFW: do PIX ao Firewall Threat Defense

[原创翻译]PIX/ASA的数据包捕获

Cisco SD-WANルータとIOS-XE ルータ間での拠点間 IPsec VPN Tunnel 設定

DHCPリレーおよびパケットフローとしてのASA-PIX

How to initiate IPsec VPN tunnel from PIX/ASA for remote network