routing through a Site to Site VPN on PIX

 
 
Remco Bressers
      06-02-2005
Hi,

Two 501's are connected to each other via a site-to-site VPN:

Site 1 :

Internal IP : 10.0.0.254/24
External IP : 1.2.3.4/24


Site 2 :

Internal IP : 10.1.0.254/24
External IP : 5.6.7.8/24


Tunnelling works okay...

On Site 1 I have a router connected to some network..
The Internal IP of the router is 10.0.0.1/24.
On the other side of the router I have an IP network : 192.168.0.0/24

How can I make the 192.168.0.0/24 network accessible from Site 2 ?

Thanks,

R. Bressers
 
 
 
 
 
Oliver Rahn
 
      06-02-2005
On Thu, 2 Jun 2005, Remco Bressers wrote:

> On Site 1 I have a router connected to some network..
> The Internal IP of the router is 10.0.0.1/24.
> On the other side of the router I have an IP network : 192.168.0.0/24
>
> How can I make the 192.168.0.0/24 network accessible from Site 2 ?


Normally just set a route to the net and the network should be reachable.
route inside 192.168.0.0 255.255.255.0 <IP of Gateway>

oli
 
 
 
 
 
mcaissie
 
      06-02-2005

"Remco Bressers" <> wrote in message
news:429f08ff$0$935$ ...
> Hi,
>
> Two 501's are connected to each other via a site-to-site VPN:
>
> Site 1 :
>
> Internal IP : 10.0.0.254/24
> External IP : 1.2.3.4/24
>
>
> Site 2 :
>
> Internal IP : 10.1.0.254/24
> External IP : 5.6.7.8/24
>
>
> Tunnelling works okay...
>
> On Site 1 I have a router connected to some network..
> The Internal IP of the router is 10.0.0.1/24.
> On the other side of the router I have an IP network : 192.168.0.0/24
>
> How can I make the 192.168.0.0/24 network accessible from Site 2 ?
>
> Thanks,
>
> R. Bressers


First, in both PIX you need to add a line in the no nat access-list and
in the crypto access-list. And on PIX 1, you need to add a route on your inside.

So it would give

PIX Site 1
access-list [nonat] permit ip 192.168.0.0 255.255.255.0 10.1.0.0 255.255.255.0

access-list [crypto] permit ip 192.168.0.0 255.255.255.0 10.1.0.0 255.255.255.0

route inside 192.168.0.0 255.255.255.0 10.0.0.1 1

PIX Site 2
access-list [nonat] permit ip 10.1.0.0 255.255.255.0 192.168.0.0 255.255.255.0

access-list [crypto] permit ip 10.1.0.0 255.255.255.0 192.168.0.0 255.255.255.0


 
 
Remco Bressers
 
      06-06-2005

>>Two 501's are connected to each other via a site-to-site VPN:
>>
>>Site 1 :
>>Internal IP : 10.0.0.254/24
>>External IP : 1.2.3.4/24
>>
>>Site 2 :
>>Internal IP : 10.1.0.254/24
>>External IP : 5.6.7.8/24
>>
>>On Site 1 I have a router connected to some network..
>>The Internal IP of the router is 10.0.0.1/24.
>>On the other side of the router I have an IP network : 192.168.0.0/24
>>
>>How can I make the 192.168.0.0/24 network accessible from Site 2 ?
>>

>
>
> First, in both PIX you need to add a line in the no nat access-list and
> in the crypto access-list. And on PIX 1, you need to add a route on your inside.
>
> So it would give
>
> PIX Site 1
> access-list [nonat] permit ip 192.168.0.0 255.255.255.0 10.1.0.0 255.255.255.0
>
> access-list [crypto] permit ip 192.168.0.0 255.255.255.0 10.1.0.0 255.255.255.0
>
> route inside 192.168.0.0 255.255.255.0 10.0.0.1 1
>
> PIX Site 2
> access-list [nonat] permit ip 10.1.0.0 255.255.255.0 192.168.0.0 255.255.255.0
>
> access-list [crypto] permit ip 10.1.0.0 255.255.255.0 192.168.0.0 255.255.255.0


Thanks.. Second question: Is there a possibility to route ALL traffic
from PIX 2 to PIX 1 ? Like.. a default route to the other side?

Thanks,

R. Bressers
 
 
Walter Roberson
 
      06-06-2005
In article <>, Remco Bressers <> wrote:
:Thanks.. Second question: Is there a possibility to route ALL traffic
:from PIX 2 to PIX 1 ? Like.. a default route to the other side?

Yes.

Your crypto map ACL would have a source which matched your
internal interwork, and a destination of 'any'. Don't try using
a crypto map ACL that specifies permit ip any any as
that will cause problems for the other side.

Your default route would be set to some device on the other side
of the tunnel.
--
Look out, there are llamas!
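
Added example (not part of any post in this thread): a small Python check for the points made in the two replies above, namely that every crypto access-list entry needs a mirrored entry on the peer and a matching no-NAT entry, and that `permit ip any any` should not appear in a crypto ACL. The ACL names `nonat` and `vpn` and both sample configs are assumptions constructed from the thread's addressing.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

# Constructed sample configs using the thread's addressing. The ACL names
# "nonat" and "vpn" are assumptions standing in for [nonat] and [crypto].
SITE1 = """\
access-list nonat permit ip 10.0.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list nonat permit ip 192.168.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list vpn permit ip 10.0.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list vpn permit ip 192.168.0.0 255.255.255.0 10.1.0.0 255.255.255.0
"""
# Site 2 is deliberately missing its nonat and vpn lines for 192.168.0.0/24.
SITE2 = """\
access-list nonat permit ip 10.1.0.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list vpn permit ip 10.1.0.0 255.255.255.0 10.0.0.0 255.255.255.0
"""

def _take(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'A.B.C.D MASK'."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(first + "/" + tokens.pop(0))

def acl_pairs(config, name):
    """Return the set of (source, destination) networks permitted by an ACL."""
    pairs = set()
    for line in config.splitlines():
        tokens = line.split()
        if tokens[:4] == ["access-list", name, "permit", "ip"]:
            rest = tokens[4:]
            pairs.add((_take(rest), _take(rest)))
    return pairs

def audit(local, peer, crypto="vpn", nonat="nonat"):
    """List problems with the local crypto ACL relative to the peer's."""
    findings = []
    mine, theirs = acl_pairs(local, crypto), acl_pairs(peer, crypto)
    exempt = acl_pairs(local, nonat)
    for src, dst in sorted(mine):
        if src == ANY and dst == ANY:
            findings.append("crypto ACL permits ip any any")
        if (dst, src) not in theirs:
            findings.append(f"peer has no mirror entry for {src} -> {dst}")
        if (src, dst) not in exempt:
            findings.append(f"{src} -> {dst} is not exempt from NAT")
    return findings
```

Run `audit(SITE1, SITE2)` and then `audit(SITE2, SITE1)`; the missing mirror only shows up from the side that has the extra entry, so check both directions.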
 
 
R. Bressers
 
      06-07-2005
Walter Roberson wrote:
> In article <>, Remco Bressers <> wrote:
> :Thanks.. Second question: Is there a possibility to route ALL traffic
> :from PIX 2 to PIX 1 ? Like.. a default route to the other side?
>
> Yes.
>
> Your crypto map ACL would have a source which matched your
> internal interwork, and a destination of 'any'. Don't try using
> a crypto map ACL that specifies permit ip any any as
> that will cause problems for the other side.
>
> Your default route would be set to some device on the other side
> of the tunnel.


Sorry for my ignorance, but can anyone give me some live-situation
configuration?

Thanks!

R. Bressers
 