Cisco VPN with Access list config

Status
Not open for further replies.
Apr 26, 2004
Here's what I have (2620 router):
1 internal network, 192.168.0.0, with an ISA server as the gateway (192.168.0.1).

I want to add a Cisco 2620 with a LAN interface IP of 192.168.0.2. This Cisco router will be used for a VPN to another location to run a special application. It will have another internal IP address of 192.168.10.0 on the VPN side.

So our network will have 2 gateways. I want to configure our network to use the Cisco router as the gateway. I want the Cisco router to determine if it is going to the 192.168.10 network; if it is, then the Cisco lets it pass through and the user will connect to the special application. If the destination isn't the 192.168.10 network, then the Cisco should redirect the client to the ISA server with the 192.168.0.1 gateway.

Is this done with an access list? I have access to a router with the same configuration but I can't find any access list configuration. Is there a special feature I'm missing?

Thanks in advance, people.

MCSE 2K - MCSA 2K - NET+ - A+

Paul..
 
No special feature, what you are thinking of is called ICMP redirects. On your 2620 the default route will be to 192.168.0.1 (ip route 0.0.0.0 0.0.0.0 192.168.0.1). You will then need a static route to the external address of your VPN peer.

But first you should google for 'ICMP redirects' and read up.
One read in particular is:
 
I'm confused about 1 of the requirements for using ICMP redirects. It says the outgoing and incoming interface must be the same? What do they mean by this? I have another 2620 that I can tap into and see the configuration and see how they have it set up. Where would I go within the router to see if it is using ICMP redirect? Would it be on the internal interface?

MCSE 2K - MCSA 2K - NET+ - A+

Paul..
 
Very nice explanation in that article. Thanks for the link, it really helped explain things.

MCSE 2K - MCSA 2K - NET+ - A+

Paul..
 
Can you confirm this? I think they're just using IP routes? The only thing I don't see on here is the VPN. Is that going to cause me a problem with a VPN module on the one I have?

Using 1053 out of 29688 bytes
!
version 12.2
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
ip subnet-zero
!
interface Ethernet0/0
 ip address 192.168.0.10 255.255.255.0
 ip nat inside
 no ip mroute-cache
 half-duplex
 no cdp enable
!
interface Serial0/0
 ip address 172.16.5.66 255.255.255.248
 ip nat outside
 no ip mroute-cache
 no fair-queue
!
ip nat inside source list 6 interface Serial0/0 overload
ip nat inside source static 192.168.0.22 172.16.5.67
ip classless
no ip forward-protocol udp tftp
ip route 0.0.0.0 0.0.0.0 192.168.0.9
ip route 10.80.0.0 255.255.0.0 172.16.5.65
ip route 10.128.0.0 255.128.0.0 172.16.5.65
ip http server
ip pim bidir-enable
!
access-list 6 deny 192.168.0.22
access-list 6 permit 192.168.0.0 0.0.0.255

line aux 0
line vty 0 4

MCSE 2K - MCSA 2K - NET+ - A+

Paul..
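
The "incoming and outgoing interface must be the same" condition asked about in this thread, modelled over the interfaces and static routes of the configuration posted above. This is an added example, not part of the original posts: the function names and the sample host addresses are assumptions, and the model checks only the same-interface and same-subnet conditions, not whether redirects are enabled on the interface.

```python
import ipaddress

# Interfaces and static routes copied from the configuration posted in the thread.
INTERFACES = {
    "Ethernet0/0": ipaddress.ip_interface("192.168.0.10/24"),
    "Serial0/0": ipaddress.ip_interface("172.16.5.66/29"),
}
STATIC_ROUTES = [  # (destination prefix, next hop)
    ("0.0.0.0/0", "192.168.0.9"),
    ("10.80.0.0/16", "172.16.5.65"),
    ("10.128.0.0/9", "172.16.5.65"),
]

def egress_for(addr):
    """Return the connected interface whose subnet contains addr, else None."""
    for name, iface in INTERFACES.items():
        if addr in iface.network:
            return name
    return None

def lookup(dst):
    """Longest-prefix match; returns (egress interface, next hop or None)."""
    dst = ipaddress.ip_address(dst)
    if egress_for(dst):                      # directly connected, no next hop
        return egress_for(dst), None
    best = None
    for prefix, hop in STATIC_ROUTES:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ipaddress.ip_address(hop))
    if best is None:
        return None, None
    return egress_for(best[1]), best[1]

def would_redirect(src, dst, ingress):
    """True when the packet would leave by the interface it arrived on
    and the sender sits on the same subnet as the next hop."""
    egress, hop = lookup(dst)
    if hop is None or egress != ingress:
        return False
    return ipaddress.ip_address(src) in INTERFACES[ingress].network

if __name__ == "__main__":
    # Constructed sample traffic: a LAN host (192.168.0.50) sending via this router.
    print(would_redirect("192.168.0.50", "198.51.100.7", "Ethernet0/0"))  # default route, back out the LAN
    print(would_redirect("192.168.0.50", "10.80.1.1", "Ethernet0/0"))     # routed out Serial0/0
```
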
 