routing through a Site to Site VPN on PIX

normaly just set a route to the net and the network should be reachable. route inside 192.168.0.0 255.255.255.0

oli

First in both PIX you need to add a line in the no nat access-list and in the crypto access-list . And on PIX 1 , your need to add a route on your inside .

So it would give

PIX Site 1 access-list [nonat] permit ip 192.168.0.0 255.255.255.0 10.1.0.0

access-list [crypto] permit ip 192.168.0.0 255.255.255.0 10.1.0.0

route inside 192.168.0.0 255.255.255.0 10.0.0.1 1

PIX Site 2 access-list [nonat] permit ip 10.1.0.0 255.255.255.0 192.168.0.0

access-list [crypto] permit ip 10.1.0.0 255.255.255.0 192.168.0.0

Thanks.. Second question: Is there a possibility to route ALL traffic from PIX 2 to PIX 1 ? Like.. a default route to the other side?

Thanks,

R. Bressers

In article , Remco Bressers wrote: :Thanks.. Second question: Is there a possibility to route ALL traffic :from PIX 2 to PIX 1 ? Like.. a default route to the other side?

Yes.

Your crypto map ACL would have a source which matched your internal interwork, and a destination of 'any'. Don't try using a crypto map ACL that specifies permit ip any any as that will cause problems for the other side.

Your default route would be set to some device on the other side of the tunnel.

Sorry for my ignorance, but can anyone give me some live-situation configuration?

Thanks!

R. Bressers