Adding Route to net on Far side of VPN?

Discussion in 'Cisco' started by Scott Townsend, Mar 5, 2007.

  1. How do you either use EIGRP on a PIX and pass the route over the VPN, or add
    static routes to networks over a VPN link?

    Traffic from 10.1.x.y is fine to/from 10.2.6.1

    I cant hit 10.6.0.X from 10.1.0.x


    So I have a network Setup as Follows:

    10.6.0.1 LAN A Netopia
    10.2.6.1 LAN B Netopia
    |
    10.2.0.2 Inside PIX B
    Internet
    |
    Internet
    10.1.0.2 Inside PIX A
    10.1.0.1 Inside Router A FE0


    Here are partial Routing tables from the above devices
    PIX A
    S 0.0.0.0 0.0.0.0 [1/0] via , outside
    S 10.6.0.0 255.255.0.0 [1/0] via 10.2.6.1, inside
    Nothing it it for 10.2.x.y specifically
    Router A
    S* 0.0.0.0/0 [1/0] via 10.1.0.2
    Nothing in it for 10.2.x.y or 10.6.x.y Specifically

    PIX B
    S 0.0.0.0 0.0.0.0 [1/0] via , outside
    C 10.2.0.0 255.255.0.0 is directly connected, inside
    S 10.6.0.0 255.255.0.0 [1/0] via 10.2.6.1, inside

    netopia
    0.0.0.0 0.0.0.0 10.2.0.2 Ethernet WAN1

    Thanks,
    Scott<-
     
    Scott Townsend, Mar 5, 2007
    #1
    1. Advertising

  2. Scott Townsend

    Guest

    On Mar 5, 2:09 pm, "Scott Townsend" <scott-i@.-N0-SPAMplease.enm.com>
    wrote:
    > How do you either use EIGRP on a PIX and pass the route over the VPN, or add
    > static routes to networks over a VPN link?
    >
    > Traffic from 10.1.x.y is fine to/from 10.2.6.1
    >
    > I cant hit 10.6.0.X from 10.1.0.x
    >
    > So I have a network Setup as Follows:
    >
    > 10.6.0.1 LAN A Netopia
    > 10.2.6.1 LAN B Netopia
    > |
    > 10.2.0.2 Inside PIX B
    > Internet
    > |
    > Internet
    > 10.1.0.2 Inside PIX A
    > 10.1.0.1 Inside Router A FE0
    >
    > Here are partial Routing tables from the above devices
    > PIX A
    > S 0.0.0.0 0.0.0.0 [1/0] via , outside
    > S 10.6.0.0 255.255.0.0 [1/0] via 10.2.6.1, inside
    > Nothing it it for 10.2.x.y specifically
    > Router A
    > S* 0.0.0.0/0 [1/0] via 10.1.0.2
    > Nothing in it for 10.2.x.y or 10.6.x.y Specifically
    >
    > PIX B
    > S 0.0.0.0 0.0.0.0 [1/0] via , outside
    > C 10.2.0.0 255.255.0.0 is directly connected, inside
    > S 10.6.0.0 255.255.0.0 [1/0] via 10.2.6.1, inside
    >
    > netopia
    > 0.0.0.0 0.0.0.0 10.2.0.2 Ethernet WAN1
    >
    > Thanks,
    > Scott<-


    Scott,
    I don't know if this will help you but I was having the same issues
    using an 1841 not a PIX.
    My solution was in the access list.
    access-list 101 permit IP {inside network inside PIX} {Inside network
    inside netopia}
    and apply the access list to the crypto map.
    I had to add it on both sides. We were useing an open source router on
    the remote and had to create a new tunnel on the open source router
    for each network I wanted to access. The 1841 I addes to the access
    list.
     
    , Mar 5, 2007
    #2
    1. Advertising

  3. Have all of the networks in the Inbound/Outbound NAT and Crypto ACLs both
    To/From 10.1.x.y and 10.6.x.y



    <> wrote in message
    news:...
    > On Mar 5, 2:09 pm, "Scott Townsend" <scott-i@.-N0-SPAMplease.enm.com>
    > wrote:
    >> How do you either use EIGRP on a PIX and pass the route over the VPN, or
    >> add
    >> static routes to networks over a VPN link?
    >>
    >> Traffic from 10.1.x.y is fine to/from 10.2.6.1
    >>
    >> I cant hit 10.6.0.X from 10.1.0.x
    >>
    >> So I have a network Setup as Follows:
    >>
    >> 10.6.0.1 LAN A Netopia
    >> 10.2.6.1 LAN B Netopia
    >> |
    >> 10.2.0.2 Inside PIX B
    >> Internet
    >> |
    >> Internet
    >> 10.1.0.2 Inside PIX A
    >> 10.1.0.1 Inside Router A FE0
    >>
    >> Here are partial Routing tables from the above devices
    >> PIX A
    >> S 0.0.0.0 0.0.0.0 [1/0] via , outside
    >> S 10.6.0.0 255.255.0.0 [1/0] via 10.2.6.1, inside
    >> Nothing it it for 10.2.x.y specifically
    >> Router A
    >> S* 0.0.0.0/0 [1/0] via 10.1.0.2
    >> Nothing in it for 10.2.x.y or 10.6.x.y Specifically
    >>
    >> PIX B
    >> S 0.0.0.0 0.0.0.0 [1/0] via , outside
    >> C 10.2.0.0 255.255.0.0 is directly connected, inside
    >> S 10.6.0.0 255.255.0.0 [1/0] via 10.2.6.1, inside
    >>
    >> netopia
    >> 0.0.0.0 0.0.0.0 10.2.0.2 Ethernet WAN1
    >>
    >> Thanks,
    >> Scott<-

    >
    > Scott,
    > I don't know if this will help you but I was having the same issues
    > using an 1841 not a PIX.
    > My solution was in the access list.
    > access-list 101 permit IP {inside network inside PIX} {Inside network
    > inside netopia}
    > and apply the access list to the crypto map.
    > I had to add it on both sides. We were useing an open source router on
    > the remote and had to create a new tunnel on the open source router
    > for each network I wanted to access. The 1841 I addes to the access
    > list.
    >
    >
     
    Scott Townsend, Mar 5, 2007
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    1
    Views:
    673
    Walter Roberson
    Dec 15, 2004
  2. TRUE

    Help. Windows Explorer side-by-side window

    TRUE, May 10, 2004, in forum: Computer Support
    Replies:
    6
    Views:
    791
    ┬░Mike┬░
    May 10, 2004
  3. Eric
    Replies:
    5
    Views:
    663
    Toolman Tim
    Jul 28, 2005
  4. R2D2

    G5 vs G3 Side-by-side Pics

    R2D2, Feb 10, 2004, in forum: Digital Photography
    Replies:
    3
    Views:
    446
    Guenter Fieblinger
    Feb 10, 2004
  5. Replies:
    9
    Views:
    5,321
    Scott Perry
    Aug 7, 2008
Loading...

Share This Page