Help with VPN routing

Discussion in 'Cisco' started by slaquer, Feb 15, 2009.

  1. slaquer

    Remote clinic - Cisco 831 router - 192.168.180.0 internal subnet

    Local office - Cisco PIX firewall - 192.168.120.0, 192.168.140.0, 192.168.100.0, and 192.168.160.0 internal subnets

    L2L IPSEC VPN tunnel works great for the most part, but the 192.168.180.0 users on the remote clinic (on the 192.168.180.0 subnet) can only communicate with the 192.168.100.0 subnet on the local site. All other traffic goes out the internet.

    Any help would be appreciated.

    Bulk of config for remote clinic below:


    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp key DELETED address 70.182.XX.XXX
    !

    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    !
    crypto map SDM_CMAP_1 1 ipsec-isakmp
    description Tunnel to70.182.XX.XXX
    set peer 70.182.XX.XXX
    set transform-set ESP-3DES-SHA ESP-3DES-SHA1 SA2 SA3
    match address 102
    !
    !
    !
    interface Ethernet0
    description $ETH-LAN$
    ip address 192.168.180.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    !
    interface Ethernet1
    description $ETH-WAN$
    ip address 98.190.XX.XXX 255.255.255.0
    ip nat outside
    ip virtual-reassembly
    duplex auto
    crypto map SDM_CMAP_1
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 98.190.XX.XXX permanent
    ip http server
    ip http authentication local
    ip http secure-server
    ip nat inside source route-map SDM_RMAP_1 interface Ethernet1 overload
    !
    !
    access-list 1 remark SDM_ACL Category=2
    access-list 1 permit 192.168.180.0 0.0.0.255
    access-list 100 remark SDM_ACL Category=4
    access-list 100 remark IPSec Rule
    access-list 100 permit ip 192.168.180.0 0.0.0.255 192.168.100.0 0.0.0.255
    access-list 100 permit ip 192.168.180.0 0.0.0.255 172.16.0.0 0.0.255.255
    access-list 100 permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
    access-list 101 remark SDM_ACL Category=2
    access-list 101 remark IPSec Rule
    access-list 101 deny ip 192.168.180.0 0.0.0.255 192.168.100.0 0.0.0.255
    access-list 101 permit ip 192.168.180.0 0.0.0.255 any
    access-list 102 remark SDM_ACL Category=4
    access-list 102 remark IPSec Rule
    access-list 102 permit ip 192.168.180.0 0.0.0.255 192.168.100.0 0.0.0.255
    access-list 102 permit ip 192.168.180.0 0.0.0.255 172.16.0.0 0.0.0.255
    access-list 102 permit ip 192.168.180.0 0.0.0.255 192.168.140.0 0.0.0.255
    route-map SDM_RMAP_1 permit 1
    match ip address 101
    !
    !
     
    slaquer, Feb 15, 2009
    #1
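
An added example, not part of the original post: a small audit of the clinic router's ACL 101 (the NAT route-map ACL) against ACL 102 (the crypto map ACL) for each office subnet named in the post. It assumes IOS applies inside-source NAT before crypto map matching on outbound traffic; the PIX side's matching ACLs are not on the page and are not checked, and the function names are this example's own.

```python
import ipaddress

# Constructed input: the permit/deny lines of ACL 101 and ACL 102 as posted above.
CONFIG = """\
access-list 101 deny ip 192.168.180.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 101 permit ip 192.168.180.0 0.0.0.255 any
access-list 102 permit ip 192.168.180.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 102 permit ip 192.168.180.0 0.0.0.255 172.16.0.0 0.0.0.255
access-list 102 permit ip 192.168.180.0 0.0.0.255 192.168.140.0 0.0.0.255
"""
CLINIC = "192.168.180.0/24"
OFFICE = ["192.168.100.0/24", "192.168.120.0/24", "192.168.140.0/24", "192.168.160.0/24"]

def _net(tok):
    # Consume 'any' or 'addr wildcard' from the token list (contiguous wildcards only).
    n = 1 if tok[0] == "any" else 2
    spec = "0.0.0.0/0" if n == 1 else f"{tok[0]}/{tok[1]}"  # ipaddress accepts a host mask
    del tok[:n]
    return ipaddress.ip_network(spec)

def parse_acls(text):
    """Return {acl_number: [(action, src_net, dst_net), ...]} for 'ip' entries."""
    acls = {}
    for line in text.splitlines():
        t = line.split()
        if len(t) < 5 or t[0] != "access-list" or t[2] not in ("permit", "deny") or t[3] != "ip":
            continue  # skips remarks and standard ACLs
        rest = t[4:]
        src, dst = _net(rest), _net(rest)
        acls.setdefault(t[1], []).append((t[2], src, dst))
    return acls

def action(acl, src, dst):
    """First-match result for a whole src/dst subnet pair; implicit deny at the end."""
    s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
    for act, a_src, a_dst in acl:
        if s.subnet_of(a_src) and d.subnet_of(a_dst):
            return act
    return "deny"

def audit(text, nat_acl="101", crypto_acl="102"):
    """Classify each office subnet by what the clinic router does with traffic to it."""
    acls, result = parse_acls(text), {}
    for dst in OFFICE:
        natted = action(acls[nat_acl], CLINIC, dst) == "permit"
        protected = action(acls[crypto_acl], CLINIC, dst) == "permit"
        result[dst] = ("not in crypto ACL" if not protected
                       else "in crypto ACL but NATed first" if natted else "tunnelled")
    return result
```

Calling `audit(CONFIG)` reports only 192.168.100.0/24 as tunnelled, which matches the behaviour described in the post.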