routing through a Site to Site VPN on PIX

Discussion in 'Cisco' started by Remco Bressers, Jun 2, 2005.

  1. Hi,

    Two 501's are connected to each other via a site-to-site VPN:

    Site 1 :

    Internal IP : 10.0.0.254/24
    External IP : 1.2.3.4/24


    Site 2 :

    Internal IP : 10.1.0.254/24
    External IP : 5.6.7.8/24


    Tunnelling works okay...

    On Site 1 I have a router connected to some network..
    The Internal IP of the router is 10.0.0.1/24.
    On the other side of the router I have an IP network : 192.168.0.0/24

    How can I make the 192.168.0.0/24 network accessible from Site 2 ?

    Thanks,

    R. Bressers
     
    Remco Bressers, Jun 2, 2005
    #1

  2. Remco Bressers

    Oliver Rahn Guest

    On Thu, 2 Jun 2005, Remco Bressers wrote:

    > On Site 1 I have a router connected to some network..
    > The Internal IP of the router is 10.0.0.1/24.
    > On the other side of the router I have an IP network : 192.168.0.0/24
    >
    > How can I make the 192.168.0.0/24 network accessible from Site 2 ?


    Normally just set a route to the net and the network should be reachable.
    route inside 192.168.0.0 255.255.255.0 <IP of Gateway>

    oli
     
    Oliver Rahn, Jun 2, 2005
    #2

  3. Remco Bressers

    mcaissie Guest

    "Remco Bressers" <> wrote in message
    news:429f08ff$0$935$...
    > Hi,
    >
    > Two 501's are connected to each other via a site-to-site VPN:
    >
    > Site 1 :
    >
    > Internal IP : 10.0.0.254/24
    > External IP : 1.2.3.4/24
    >
    >
    > Site 2 :
    >
    > Internal IP : 10.1.0.254/24
    > External IP : 5.6.7.8/24
    >
    >
    > Tunnelling works okay...
    >
    > On Site 1 I have a router connected to some network..
    > The Internal IP of the router is 10.0.0.1/24.
    > On the other side of the router I have an IP network : 192.168.0.0/24
    >
    > How can I make the 192.168.0.0/24 network accessible from Site 2 ?
    >
    > Thanks,
    >
    > R. Bressers


    First, in both PIX you need to add a line in the no nat access-list and
    in the crypto access-list. And on PIX 1, you need to add a route on your
    inside.

    So it would give

    PIX Site 1
    access-list [nonat] permit ip 192.168.0.0 255.255.255.0 10.1.0.0 255.255.255.0

    access-list [crypto] permit ip 192.168.0.0 255.255.255.0 10.1.0.0 255.255.255.0

    route inside 192.168.0.0 255.255.255.0 10.0.0.1 1

    PIX Site 2
    access-list [nonat] permit ip 10.1.0.0 255.255.255.0 192.168.0.0 255.255.255.0

    access-list [crypto] permit ip 10.1.0.0 255.255.255.0 192.168.0.0 255.255.255.0
     
    mcaissie, Jun 2, 2005
    #3

  4. >>Two 501's are connected to each other via a site-to-site VPN:
    >>
    >>Site 1 :
    >>Internal IP : 10.0.0.254/24
    >>External IP : 1.2.3.4/24
    >>
    >>Site 2 :
    >>Internal IP : 10.1.0.254/24
    >>External IP : 5.6.7.8/24
    >>
    >>On Site 1 I have a router connected to some network..
    >>The Internal IP of the router is 10.0.0.1/24.
    >>On the other side of the router I have an IP network : 192.168.0.0/24
    >>
    >>How can I make the 192.168.0.0/24 network accessible from Site 2 ?
    >>

    >
    >
    > First, in both PIX you need to add a line in the no nat access-list and
    > in the crypto access-list. And on PIX 1, you need to add a route on your
    > inside.
    >
    > So it would give
    >
    > PIX Site 1
    > access-list [nonat] permit ip 192.168.0.0 255.255.255.0 10.1.0.0 255.255.255.0
    >
    > access-list [crypto] permit ip 192.168.0.0 255.255.255.0 10.1.0.0 255.255.255.0
    >
    > route inside 192.168.0.0 255.255.255.0 10.0.0.1 1
    >
    > PIX Site 2
    > access-list [nonat] permit ip 10.1.0.0 255.255.255.0 192.168.0.0 255.255.255.0
    >
    > access-list [crypto] permit ip 10.1.0.0 255.255.255.0 192.168.0.0 255.255.255.0


    Thanks.. Second question: Is there a possibility to route ALL traffic
    from PIX 2 to PIX 1 ? Like.. a default route to the other side?

    Thanks,

    R. Bressers
     
    Remco Bressers, Jun 6, 2005
    #4
  5. In article <>, Remco Bressers <> wrote:
    :Thanks.. Second question: Is there a possibility to route ALL traffic
    :from PIX 2 to PIX 1 ? Like.. a default route to the other side?

    Yes.

    Your crypto map ACL would have a source which matched your
    internal interwork, and a destination of 'any'. Don't try using
    a crypto map ACL that specifies permit ip any any as
    that will cause problems for the other side.

    Your default route would be set to some device on the other side
    of the tunnel.
    --
    Look out, there are llamas!
     
    Walter Roberson, Jun 6, 2005
    #5
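
The checks that the replies in #3 and #5 imply, as an added example that is not part of any post in this thread: a Python script that reads the crypto ACL from both PIX configurations and reports entries with no mirror on the peer, a `permit ip any any` entry, and local source networks that have no inside route. The ACL name `vpn` and the sample configurations are constructed from the thread's addressing.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

def _nets(tokens):
    """Turn PIX address tokens ('any', 'host A', 'NET MASK') into networks."""
    nets, i = [], 0
    while i < len(tokens):
        if tokens[i] == "any":
            nets.append(ANY)
            i += 1
        elif tokens[i] == "host":
            nets.append(ipaddress.ip_network(tokens[i + 1]))
            i += 2
        else:
            nets.append(ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 1]}"))
            i += 2
    return nets

def selectors(cfg, acl):
    """(source, destination) pairs of every 'permit ip' entry in ACL `acl`."""
    prefix = ["access-list", acl, "permit", "ip"]
    return {tuple(_nets(t[4:])) for t in map(str.split, cfg.splitlines())
            if t[:4] == prefix}

def routed_inside(cfg):
    """Networks reachable through 'route inside NET MASK GATEWAY [metric]'."""
    return [ipaddress.ip_network(f"{t[2]}/{t[3]}")
            for t in map(str.split, cfg.splitlines()) if t[:2] == ["route", "inside"]]

def audit(local_cfg, peer_cfg, acl, inside_net):
    """Findings for the local PIX: any/any, unmirrored entries, missing routes."""
    local, peer = selectors(local_cfg, acl), selectors(peer_cfg, acl)
    known = [ipaddress.ip_network(inside_net)] + routed_inside(local_cfg)
    findings = []
    for src, dst in sorted(local, key=str):
        if src == ANY and dst == ANY:
            findings.append("crypto ACL contains permit ip any any")
        if (dst, src) not in peer:
            findings.append(f"peer has no mirror entry for {src} -> {dst}")
        if src != ANY and not any(src.subnet_of(k) for k in known):
            findings.append(f"no inside route for source {src}")
    return findings

# Constructed sample configs (ACL name "vpn" is an assumption, not from the thread).
SITE1 = """\
access-list vpn permit ip 10.0.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list vpn permit ip 192.168.0.0 255.255.255.0 10.1.0.0 255.255.255.0
"""
SITE2 = "access-list vpn permit ip 10.1.0.0 255.255.255.0 10.0.0.0 255.255.255.0\n"
SITE1_FIXED = SITE1 + "route inside 192.168.0.0 255.255.255.0 10.0.0.1 1\n"
SITE2_FIXED = SITE2 + "access-list vpn permit ip 10.1.0.0 255.255.255.0 192.168.0.0 255.255.255.0\n"
```

Run `audit` once per direction (Site 1 as local, then Site 2 as local); a source of `any` is exempt from the route check, so a Site 1 entry of `permit ip any 10.1.0.0 255.255.255.0` mirroring a Site 2 entry with destination `any` passes.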
  6. Remco Bressers

    R. Bressers Guest

    Walter Roberson wrote:
    > In article <>, Remco Bressers <> wrote:
    > :Thanks.. Second question: Is there a possibility to route ALL traffic
    > :from PIX 2 to PIX 1 ? Like.. a default route to the other side?
    >
    > Yes.
    >
    > Your crypto map ACL would have a source which matched your
    > internal interwork, and a destination of 'any'. Don't try using
    > a crypto map ACL that specifies permit ip any any as
    > that will cause problems for the other side.
    >
    > Your default route would be set to some device on the other side
    > of the tunnel.


    Sorry for my ignorance, but can anyone give me some live-situation
    configuration?

    Thanks!

    R. Bressers
     
    R. Bressers, Jun 7, 2005
    #6
