11-21-2005 09:28 AM - edited 02-21-2020 02:06 PM
Hi. If this has been asked before, I apologize and please direct me to the post -- I could not find it.
My question is a little unique. I have a community network where different companies can join to share resources. I am working with one company who has two locations connected on this network. I am trying to set it up such that PIX-A is on the remote end, PIX-C is another company's PIX, PIX-B is at the main site to terminate the traffic from PIX-A and PIX-C, and PIX-D provides Internet access to local users and users being served from PIX-A.
I know it's confusing; here's a basic map below:
Remote Network --> PIX-A --> Community Network --> PIX-B --> Local Company Network --> PIX-D --> Internet
AND
Remote Network --> PIX-A --> Community Network --> PIX-C --> Other Company's Network
AND
Local Company Network --> PIX-B --> Community Network --> PIX-C --> Other Company's Network
I have gotten this to work, but it only lasts for a short while and then starts failing again. I'm not sure why it fails, but it just starts.
I've tried doing this with basic access-lists; the access-list for PIX-A is below:
!Access List used for access to the Internet and local Corporate LAN:
!
access-list corp deny ip 192.168.103.0 255.255.255.0 10.2.0.0 255.255.0.0
access-list corp deny ip 192.168.103.0 255.255.255.0 10.52.0.0 255.255.0.0
access-list corp permit ip 192.168.103.0 255.255.255.0 any
!
!Access List used to access remote network:
!
access-list remote1 permit ip 192.168.103.0 255.255.255.0 10.2.0.0 255.255.0.0
access-list remote1 permit ip 192.168.103.0 255.255.255.0 10.52.0.0 255.255.0.0
!
!Access List for NAT 0 Statement:
!
access-list no-nat permit ip 192.168.103.0 255.255.255.0 any
Again, it works for a while, and then stops. I've never tried this before; I must be missing something, so any help is appreciated. Thanks!
Mike
11-25-2005 12:19 PM
In IPsec transport mode everything will be encrypted.
In this type of encryption the NAT is after IPsec.
For more information refer to the following URL:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009486e.shtml
11-28-2005 08:22 AM
I have a request to tunnel everything from site B to site A. We want site B's default route to be site A even if traffic is destined for the Internet. This configuration is needed to force traffic through the URL filter at site A.