Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Working VPN But Onward Routing Problem

Status
Not open for further replies.
Steve30

Steve30

Technical User
Apr 26, 2004
3
GB
Hi All,

I have successfully set-up a working IPSEC 3DES VPN between two sites using a Cisco 515 (centre-site A) and Cisco 501 Pix (remote site B).

At the centre site their is an existing WAN leased line connection to a third site (site C) whos LAN is 192.168.200.0 Both the centre PIX and leased line router are plugged into the same switch and are on the same network.

The problem I have is, how do I get IP traffic through the VPN from Site B LAN to site A over the VPN then onto site C down the leased line to their LAN?

Hope someone can help me with this one, I have tried many things!

Thank you.

Steve.
 
Sort by date Sort by votes
you can not.
The PIX will never sent a packet out the same interface its recieved.

Inorder to do what you what, you need eigther tunnel from B-C or have two interfaces towards the WAN on site A, then router in the first and out the sec.

Cisco web has a config example just about this senario.
 
Upvote 0 Downvote
You can try the following on the PIX :
Assuming that the default route on the Lease line router is the PIX ,


Add the statements on the PIX -

1. add a Route inside statement to the network 192.168.200.0 via lease line router.
2. add access-list statement to permit access to 192.168.200.0 network
3. apply the access-list


examples :

1. access-list 100 permit ip 192.168.1.0 255.255.255.0 172.16.10.0 255.255.255.0

2. route inside 192.168.200.0 255.255.255.0 192.168.1.0 1

3. nat (inside) 0 access-list 100

Make sure you have the latest IOS on the PIX. I would recommend 6.3.3.132

Try to ping the Lan hosts and see if it worked.

Hope this works



 
Upvote 0 Downvote
Upvote 0 Downvote
Hi,

Yes, I overlooked the fact that the PIX will not route packets out of the same interface they come in on.

Also the default route on the leased line router is not the PIX as this is managed by a third party teleco, and can not be changed.

Any further ideas anyone ? Or should I look at a differenet solution for this problem...

Thanks.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
853
intel233
intel233
ISDPCMAN
  • Locked
  • Question
RDP fails over VPN
Replies
1
Views
365
gkittelson
gkittelson
Shmid
  • Locked
  • Question
Restricting Sonicwall SSL-VPN users for WAN access
Replies
7
Views
1K
Shmid
Shmid
WhosYourDiffie
  • Locked
  • Question
Cisco ASA 5506 VPN for Avaya Phones
Replies
0
Views
293
WhosYourDiffie
WhosYourDiffie
Garbear
  • Locked
  • Question
TZ190 VPN Connection works but can't ping some IP's on either side
Replies
0
Views
243
Garbear
Garbear

Part and Inventory Search

Sponsor

Back
Top