Some traffic not being forwarded over VPN

[markpirvine]

Hi,

I am having a very strange problem with a remote office. The primary office uses the 10.0.3.0/24 network address, while the remote office uses the 192.168.3.0/24 network address. The primary network has three gateways; 10.0.3.1 (original gateway now used only as auxilary VPN access if primary line is down), 10.0.3.3 (Firebox X 1000 primary gateway and manages manual ipsec tunnel with remote office) and 10.0.3.2 (Cisco PIX firewall that manages access to a web app running on 172.29.1.0/24. Firebox has a static route that forwardes request on 172.29.1.0/24 to 10.0.3.2). All gateways are pingable from primary network.

The remote office uses a SOHO 6tc and everything works perfectly with one exception - the web app running on 172.29.1.0/24 cannot be accessed. A static route similar to the one on the Firebox has been added but requests to this network address are not forwarded over the vpn tunnel. Attempts to ping 10.0.3.2, from the remote office, time out and no activity is logged in the Firebox System Manager. A tracert shows that the request is being forwarded over the public interface and then dropped. Attempts to ping any other address on the 10.0.3.0/24 network respond fine.

Has anyone had a similar problem? Are there any other tests I can run to see whats going wrong?

 

[lhuegele]

The static route you set-up that forwards 172.29.1.0/24 traffic over to your 10.0.3.2 gateway only work from your trusted interfaces. It sounds like you will need to create a new VPN tunnel between your local Cisco PIX firewall and your remote office SOHO 6tc.

Good luck.
Larry