Need Site to Site VPN Help. How to route to a network not directly connected through VPN

I don't think this should be too hard, but I have a general question. I
setup a Site to Site VPN between a Pix 515 and Pix 501(Easy Enough).
The hard part is getting the internal networks to talk. I network the
PCs is on connects to a Proxy Server, which then connects to the PIX
515. The PC network is 10.1.0.0/16 and the Proxy Server has an
interface on that LAN, and the network directly connected to the PIX
515(192.168.100.0/24) as well. The remote LAN that I'm trying to access
is 10.4.1.0/24. My ACL for NONAT is setup between 10.1.0.0 and
10.4.1.0. I'm not sure if I have to NONAT between 192.168.100.0 and
10.4.1.0, and then add a route into the Proxy Server, or if I keep it
the way I have, and then add some sort of "route inside or outside"
command to the PIX. Any help would be greatly appreciated. A diagram of
the config can be found here:
http://img140.imageshack.us/img140/1298/vpnhelp2qw.jpg

THANKS for the HELP!

 

You'll need a router behind the PIX on the internal network and point
the routes on the PIX to the router on the inside.

Chuck

 

Yes. The traffic that leaves the ESAFE Proxy is 192.168.100.3
so that is the IP address that will be trying to access 10.4.1/24 .

You won't need any "route" statement for what you have described.


However, your diagram indicates that you need full access from 10.1/16
to 10.4.1/24 . To me, that implies that you want 10.1/16 to go -directly-
to 10.4.1/24 instead of having all the activity proxied through
the ESafe Proxy at 192.168.100.3.

If you want to somehow bypass the ESAFE Proxy when going to 10.4.1/24
then you will need a LAN router to cross-connect the PIX and
the PCs without going through ESAFE, or else you will need to configure
ESAFE to pass those particular packets on unchanged; either way,
you -would- want a route inside statement on the PIX that pointed 10.1/16
destination traffic through the router (first case) or ESAFE box (second case).