3000 concentrator question

are network topology is as follows

perm router-->pix 506-->3600 router-->local lan

We have a 3000 concentrator in between the perm and pix 506 that is setup for users for vpn.

the pix is setup for pix to pix vpn with a colo.

Users who authenticate in thru the vpn want to access the subnet on the colo. I tried adding a static route for the colo subnet on the 3000 but it fails. cccccccan it be done?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hi cogit,
Please explain where the colo network connects in your diagram above.
cogitAuthor Commented:
Here is the topology

Perm router so: 75.X.X.X
E0: 76.X.X.X
3000 concentrator: public:76.x.x.x
LOCAl pool (on the concentrator)
Pix 506. outside 76.x.x.x
Router 3600
fa/01: (local network)

THE PIX 506 setup with PIX to PIX VPN to connect to the colo 10.20.2.x network

When inside the internal network 10.12.0.x we of course can connect to the colo network.  

On the 3000 there is a ip routing tab where you can place static routes.
Yes it should be possible to get this working.

On the concentrator make sure you have the following route defined:- mask gateway

On the 506 make sure the following route is defined :- mask gateway

At the co-lo end I assume everything goes via the PIX?

On the PIX-PIX VPN configuration at both ends  you will need to check the access-list which defines which traffic is to be sent across the VPN and make sure it includes traffic from

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
cogitAuthor Commented:
hear is what is on the pix
route outside 76.x.x.x
route inside 1
route inside 1
route inside 1

on the pix 506

access-list nonat permit ip
access-list nonat permit ip

access-list IBM-link-acl permit ip
access-list IBM-link-acl permit ip

On the other pix I should have has thats says (something to this effect ?)
access-list xxx permit ip
access-list xxx permit ip
cogitAuthor Commented:
resolved it
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Software Firewalls

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.