Need Site to Site VPN Help. How to route to a network not directly connected through VPN

Discussion in 'Cisco' started by Evolution, Apr 11, 2006.

  1. Evolution

    Evolution Guest

    I don't think this should be too hard, but I have a general question. I
    set up a Site to Site VPN between a Pix 515 and Pix 501 (easy enough).
    The hard part is getting the internal networks to talk. The network the
    PCs are on connects to a Proxy Server, which then connects to the PIX
    515. The PC network is and the Proxy Server has an
    interface on that LAN, and the network directly connected to the PIX
    515( as well. The remote LAN that I'm trying to access
    is . My ACL for NONAT is set up between and . I'm not sure if I have to
    NONAT between and , and then add a route into the Proxy Server, or if I keep it
    the way I have, and then add some sort of "route inside or outside"
    command to the PIX. Any help would be greatly appreciated. A diagram of
    the config can be found here:

    THANKS for the HELP!
    Evolution, Apr 11, 2006
  2. You'll need a router behind the PIX on the internal network and point
    the routes on the PIX to the router on the inside.

    Charles U Farley, Apr 11, 2006
  3. Yes. The traffic that leaves the ESAFE Proxy is
    so that is the IP address that will be trying to access 10.4.1/24.
    You won't need any "route" statement for what you have described.

    However, your diagram indicates that you need full access from 10.1/16
    to 10.4.1/24. To me, that implies that you want 10.1/16 to go -directly-
    to 10.4.1/24 instead of having all the activity proxied through
    the ESafe Proxy at

    If you want to somehow bypass the ESAFE Proxy when going to 10.4.1/24
    then you will need a LAN router to cross-connect the PIX and
    the PCs without going through ESAFE, or else you will need to configure
    ESAFE to pass those particular packets on unchanged; either way,
    you -would- want a route inside statement on the PIX that pointed 10.1/16
    destination traffic through the router (first case) or ESAFE box (second case).
    Walter Roberson, Apr 11, 2006
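To make the answer above concrete, here is an added PIX 6.x configuration fragment (not posted in the thread) for the second case, where ESAFE passes 10.1/16 packets through unchanged and the PIX needs a `route inside` entry for that subnet. The ESAFE inside address 10.2.0.2, the remote peer 203.0.113.1 and the ACL/crypto-map names are constructed placeholders, since the thread elides the real addresses; ISAKMP policy and pre-shared key lines are omitted.

```cisco
! Added example, not from the thread. Constructed placeholder addresses:
!   10.2.0.2     = ESAFE interface on the LAN directly connected to the PIX 515
!   203.0.113.1  = outside address of the remote PIX 501
! Local subnet behind ESAFE is 10.1.0.0/16; remote VPN subnet is 10.4.1.0/24.

! 1. Tell the PIX how to reach 10.1/16. It is not directly connected, so
!    without this route, return traffic from 10.4.1/24 would follow the
!    default route out the outside interface instead of going to ESAFE.
route inside 10.1.0.0 255.255.0.0 10.2.0.2 1

! 2. Exempt VPN-bound traffic from NAT. The source must be the real 10.1/16
!    range, not just the ESAFE address, or direct PC traffic still gets
!    translated and never matches the tunnel.
access-list NONAT permit ip 10.1.0.0 255.255.0.0 10.4.1.0 255.255.255.0
nat (inside) 0 access-list NONAT

! 3. The crypto ACL must cover the same subnet pair. If it only matched the
!    ESAFE address, 10.1/16 -> 10.4.1/24 packets would miss the crypto map
!    and leave the outside interface in the clear (or be dropped).
access-list VPN permit ip 10.1.0.0 255.255.0.0 10.4.1.0 255.255.255.0
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map SITE 10 ipsec-isakmp
crypto map SITE 10 match address VPN
crypto map SITE 10 set peer 203.0.113.1
crypto map SITE 10 set transform-set ESP-3DES-SHA
crypto map SITE interface outside
sysopt connection permit-ipsec
```

The PIX 501 end needs the mirror image: its NONAT and crypto ACLs must list 10.4.1.0/24 as source and 10.1.0.0/16 as destination, otherwise one direction of the tunnel will not negotiate.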
