3000 concentrator question

Our network topology is as follows:

perm router-->pix 506-->3600 router-->local lan

We have a 3000 concentrator in between the perm and PIX 506 that is set up for users for VPN.

The PIX is set up for PIX-to-PIX VPN with a colo.

Users who authenticate in through the VPN want to access the subnet on the colo. I tried adding a static route for the colo subnet on the 3000 but it fails. Can it be done?
cogitAsked:

grbladesCommented:
Hi cogit,
Please explain where the colo network connects in your diagram above.
0
cogitAuthor Commented:
Here is the topology

Perm router
  so: 75.X.X.X
  E0: 76.X.X.X
3000 concentrator
  public: 76.x.x.x
  private: 10.9.1.133
  Local pool 10.10.2.80-100 (on the concentrator)
PIX 506
  outside: 76.x.x.x
  inside: 10.9.1.131
Router 3600
  eo: 10.9.1.130
  fa/01: 10.12.0.0 (local network)
  fa/0: 10.10.1.0

The PIX 506 is set up with PIX-to-PIX VPN to connect to the colo 10.20.2.x network.

When inside the internal network 10.12.0.x we of course can connect to the 10.20.2.0 colo network.  

On the 3000 there is an IP routing tab where you can place static routes.
0
grbladesCommented:
Yes it should be possible to get this working.

On the concentrator make sure you have the following route defined:-
10.20.2.0 mask 255.255.255.0 gateway 10.9.1.131

On the 506 make sure the following route is defined :-
10.10.2.0 mask 255.255.255.0 gateway 10.9.1.133

At the co-lo end I assume everything goes via the PIX?

On the PIX-PIX VPN configuration at both ends you will need to check the access-list which defines which traffic is to be sent across the VPN and make sure it includes traffic from 10.10.2.0.
0

cogitAuthor Commented:
Here is what is on the PIX:
route outside 0.0.0.0 0.0.0.0 76.x.x.x
route inside 10.10.1.0 255.255.255.0 10.9.1.130 1
route inside 10.10.2.0 255.255.255.0 10.9.1.133 1
route inside 10.12.0.0 255.255.255.0 10.9.1.130 1


on the pix 506

access-list nonat permit ip 10.10.0.0 255.255.0.0 10.20.2.0 255.255.255.0
access-list nonat permit ip 10.12.0.0 255.255.0.0 10.20.2.0 255.255.255.0

access-list IBM-link-acl permit ip 10.12.0.0 255.255.0.0 10.20.2.0 255.255.255.0
access-list IBM-link-acl permit ip 10.10.0.0 255.255.0.0 10.20.2.0 255.255.255.0

On the other PIX I should have one that says (something to this effect?):
access-list xxx permit ip 10.20.2.0 255.255.255.0 10.10.0.0 255.255.0.0
access-list xxx permit ip 10.20.2.0 255.255.255.0 10.12.0.0 255.255.0.0
0
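Added example, not part of the original thread: a small Python check that the concentrator's VPN pool (10.10.2.80-100) is covered by the access-lists posted above and that the colo-side list mirrors the local one. It assumes IBM-link-acl is the list that selects traffic for the PIX-to-PIX tunnel, which the thread does not state; the function names are hypothetical.

```python
import ipaddress

# ACL lines copied from the PIX 506 post above; the colo lines are the
# "xxx" sketch from the same post (not a confirmed remote configuration).
LOCAL_ACLS = """\
access-list nonat permit ip 10.10.0.0 255.255.0.0 10.20.2.0 255.255.255.0
access-list nonat permit ip 10.12.0.0 255.255.0.0 10.20.2.0 255.255.255.0
access-list IBM-link-acl permit ip 10.12.0.0 255.255.0.0 10.20.2.0 255.255.255.0
access-list IBM-link-acl permit ip 10.10.0.0 255.255.0.0 10.20.2.0 255.255.255.0
"""
COLO_ACLS = """\
access-list xxx permit ip 10.20.2.0 255.255.255.0 10.10.0.0 255.255.0.0
access-list xxx permit ip 10.20.2.0 255.255.255.0 10.12.0.0 255.255.0.0
"""

def parse_acls(text):
    """Return {acl_name: [(src_net, dst_net), ...]} for 'permit ip' entries."""
    acls = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) == 8 and f[0] == "access-list" and f[2:4] == ["permit", "ip"]:
            src = ipaddress.ip_network(f"{f[4]}/{f[5]}")
            dst = ipaddress.ip_network(f"{f[6]}/{f[7]}")
            acls.setdefault(f[1], []).append((src, dst))
    return acls

def uncovered(entries, src_hosts, dst_net):
    """Source hosts that no entry permits towards the whole of dst_net."""
    return [h for h in src_hosts
            if not any(h in s and dst_net.subnet_of(d) for s, d in entries)]

def is_mirror(local_entries, remote_entries):
    """True when the remote list is the local list with src and dst swapped."""
    return {(d, s) for s, d in local_entries} == set(remote_entries)

def vpn_pool(first="10.10.2.80", last="10.10.2.100"):
    """Concentrator local pool from the topology post, as host addresses."""
    a, b = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
    return [ipaddress.ip_address(i) for i in range(a, b + 1)]

if __name__ == "__main__":
    local, colo = parse_acls(LOCAL_ACLS), parse_acls(COLO_ACLS)
    colo_net = ipaddress.ip_network("10.20.2.0/24")
    for name, entries in local.items():
        print(name, "pool addresses not covered:", uncovered(entries, vpn_pool(), colo_net))
    print("colo list mirrors IBM-link-acl:", is_mirror(local["IBM-link-acl"], colo["xxx"]))
```

An empty "not covered" list for both access-lists means the pool addresses match the 10.10.0.0 255.255.0.0 entries, so the remaining things to verify are the static routes quoted earlier in the thread.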
cogitAuthor Commented:
resolved it
0

Question has a verified solution.