VPN to another network

I would really appreciate any help on this topic. I have the following situation:

    NetA (192.168.0.0/24)
            |
    192.168.0.1/24  PIX1  10.0.0.1/24
            |
         Internet
            |
    10.0.5.1/24  PIX2  192.168.1.1/24
            |
    NetB (192.168.1.0/24)
            |
    (other infrastructure)
            |
    NetC (192.168.2.0/24)

PIX1 can reach NetA, PIX2 can reach NetB and NetC. I have an IPSec VPN between PIX1 and PIX2 with NetA and NetB being the internal subnets that talk to each other. It works fine: I can ping computers in NetB from NetA and vice versa, I can share files, etc.

Is it possible to configure PIX1 so it routes packets destined to NetC over the VPN? For example, if I were to ping 192.168.2.10 from 192.168.0.50, it should go through PIX1, the VPN tunnel, PIX2 and then be routed however it needs to NetC, then back the same way. Since PIX2 can ping NetC computers, there should be no worries about the routing on the PIX2 side.
Reply to
whytwelve13

Yes, it's possible.

On PIX1 you need to permit the NetA to NetC traffic in your nonat and crypto access-lists.

On PIX2 you need to permit the NetC to NetA traffic in your nonat and crypto access-lists

and create a static route

route inside NetC 192.168.1.x

where 192.168.1.x is the IP of the router between NetB and NetC. (But this should be done if PIX2 can already ping NetC.)

You must also consider that this static route is only for the traffic coming from the outside, or initiated by the PIX inside interface. PIX2 will not route traffic coming from NetB to NetC, since on a PIX traffic cannot leave using the same interface it came in.

Reply to
mcaissie
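As an added illustration of the answer above (not configuration taken from the thread), here is what the PIX 6.x-style access-list and route lines look like on both firewalls. The ACL names (nonat, crypto_acl), the crypto map name (vpnmap) and sequence number, the interface names (inside/outside) and the NetB/NetC router address 192.168.1.254 are assumptions standing in for whatever the real configs use; the subnets and the 10.0.5.1 peer address come from the diagram in the question. Lines starting with ":" are comments.

```cisco
: ---------- PIX1 (NetA side) ----------
: nonat: exempt NetA -> NetB and NetA -> NetC from NAT so the
: tunnel carries the real private addresses.
access-list nonat permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list nonat permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list nonat
: crypto ACL: "interesting traffic" that is sent into the IPSec tunnel.
: Adding the NetC line is what makes 192.168.0.50 -> 192.168.2.10 take the VPN.
access-list crypto_acl permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list crypto_acl permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
crypto map vpnmap 10 ipsec-isakmp
crypto map vpnmap 10 match address crypto_acl
crypto map vpnmap 10 set peer 10.0.5.1
crypto map vpnmap interface outside

: ---------- PIX2 (NetB/NetC side) ----------
: The crypto ACL must be the exact mirror image of PIX1's, otherwise
: the proxy identities will not match during IKE phase 2.
access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list nonat permit ip 192.168.2.0 255.255.255.0 192.168.0.0 255.255.255.0
nat (inside) 0 access-list nonat
access-list crypto_acl permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list crypto_acl permit ip 192.168.2.0 255.255.255.0 192.168.0.0 255.255.255.0
crypto map vpnmap 10 ipsec-isakmp
crypto map vpnmap 10 match address crypto_acl
crypto map vpnmap 10 set peer 10.0.0.1
crypto map vpnmap interface outside
: Static route so decrypted packets for NetC leave the inside interface
: towards the NetB/NetC router (192.168.1.254 is an assumed address).
route inside 192.168.2.0 255.255.255.0 192.168.1.254 1
```

After the change, "show access-list crypto_acl" hit counts on both boxes and "show crypto ipsec sa" (a second SA pair for 192.168.0.0/24 <-> 192.168.2.0/24) confirm the NetC traffic is actually entering the tunnel rather than being NATed or dropped. Hosts in NetB that need NetC still go via the NetB/NetC router, not PIX2, for the reason given in the answer.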

This seems to be working. I will check the other things to see, but at the first glance it seems OK. Thank you very much!

Reply to
whytwelve13
