
VPN 3030 to VPN 3002

b.budd
Level 1

We have several remote locations using the 3002 client connecting to a 3030 head end here at corp.

We moved offices last week. I had to swap out some equipment. Am having a devil of a time getting it working again. The 3002s can see the 3030, but it's as if the tunnel is not fully established as I cannot connect to, or ping, the clients behind the 3002s from my desktop at corp.

Here's the basic setup

3002 inside = 192.168.19.1

3030 outside 63.1.1.6 - connects to Switch1

3030 inside 192.168.0.6 - connects to Switch2

router outside = 63.1.1.2 - connects to internet

router inside = 172.16.1.2 - connects Switch1

pix outside 172.16.1.1 - Connects to Switch1

pix inside 192.168.0.1 - Connects to Switch2

my pc: 192.168.0.117 - Connects to Switch2

My PC's gw is the pix 192.168.0.1

I put a route on the pix: inside 192.168.0.0/16 --> 192.168.0.254.

No luck.

Oh, also, important point. Besides putting the external int of the VPN on a switch that *should* be visible to the internet, I never could see it. So I did a static nat of 63.1.1.6 = 192.168.0.254 on the PIX. This "works", although I cannot reach the remote devices.

Thank you for your help

2 Replies

kn
Level 1

More info please:

What offices were moved, the Head office or the remote 3002 site/sites?

Is the session in the 3030 tab showing the 3002 connected? If not, can you see whereabouts in the process you are going wrong, looking in the live eventlog...Lots of nice info in there.

br

//Krister

Thanks for the reply. Just to recap what we are trying to do: At our corporate office we have a router facing the internet. We have a pix behind that that serves as our default gateway.

Somewhere in this mix we need to put a 3030 so our remote locations can connect with their 3002 clients.

I got it to work to where the 3002s could see the 3030 to get enough info for them to get onto the internet, but I could not connect in true vpn style, where our corporate machines can see their remote machines.

What I had to do was put another router inside our PIX and make it our default gateway. Apparently the PIX is too stupid to act as a gateway for a 192.168.0.0/24 subnet, and also act as a router that will point 192.168.0.0/16 traffic to our concentrator (192.168.0.3).
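
The forwarding decision described in the post above, modelled as an added example that is not part of the thread or any Cisco code. It assumes the PIX does not send a packet back out the interface it arrived on; the /24 masks, the remote host 192.168.19.10 and the inner router (taken here to have a single LAN interface) are constructed for the model.

```python
import ipaddress

# Addresses come from the thread; masks, the remote host and the
# single-interface inner router are assumptions made for this model.
PIX = {
    "name": "pix",
    "hairpin": False,  # assumption: no forwarding back out the ingress interface
    "routes": [
        ("192.168.0.0/24", None, "inside"),           # connected corporate LAN
        ("192.168.0.0/16", "192.168.0.3", "inside"),  # remote sites via concentrator
        ("0.0.0.0/0", "172.16.1.2", "outside"),       # internet router
    ],
}
INNER_ROUTER = {
    "name": "inner-router",
    "hairpin": True,   # an ordinary router can redirect on the same LAN
    "routes": [
        ("192.168.0.0/24", None, "lan"),
        ("192.168.0.0/16", "192.168.0.3", "lan"),
        ("0.0.0.0/0", "192.168.0.1", "lan"),          # everything else to the PIX
    ],
}

def lookup(routes, dst):
    """Longest-prefix match; returns (next_hop, egress_iface) or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), nh, ifc) for p, nh, ifc in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    net, next_hop, iface = max(matches, key=lambda m: m[0].prefixlen)
    return next_hop, iface

def forward(device, ingress, dst):
    """Decide what a gateway does with a packet that arrived on `ingress`."""
    hit = lookup(device["routes"], dst)
    if hit is None:
        return ("drop", "no route")
    next_hop, egress = hit
    if egress == ingress and not device["hairpin"]:
        return ("drop", f"would hairpin on {egress}")
    return ("forward", next_hop or dst)

if __name__ == "__main__":
    remote_host = "192.168.19.10"  # constructed host behind a 3002
    for gw, ingress in ((PIX, "inside"), (INNER_ROUTER, "lan")):
        print(gw["name"], forward(gw, ingress, remote_host))
```
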