• Status: Solved

3000 concentrator question

Our network topology is as follows:

perm router-->pix 506-->3600 router-->local lan

We have a 3000 concentrator in between the perm and PIX 506 that is set up for users for VPN.

The PIX is set up for PIX-to-PIX VPN with a colo.

Users who authenticate in through the VPN want to access the subnet on the colo. I tried adding a static route for the colo subnet on the 3000 but it fails. Can it be done?
Asked by: cogit
grblades Commented:
Hi cogit,
Please explain where the colo network connects in your diagram above.

cogit (Author) Commented:
Here is the topology

Perm router so: 75.X.X.X
E0: 76.X.X.X
3000 concentrator: public:76.x.x.x
private:10.9.1.133
Local pool 10.10.2.80-100 (on the concentrator)
Pix 506. outside 76.x.x.x
inside 10.9.1.131
Router 3600
eo:10.9.1.130
fa/01: 10.12.0.0 (local network)
fa/0:10.10.1.0

The PIX 506 is set up with PIX-to-PIX VPN to connect to the colo 10.20.2.x network.

When inside the internal network 10.12.0.x we of course can connect to the 10.20.2.0 colo network.  

On the 3000 there is an IP routing tab where you can place static routes.

grblades Commented:
Yes, it should be possible to get this working.

On the concentrator make sure you have the following route defined:-
10.20.2.0 mask 255.255.255.0 gateway 10.9.1.131

On the 506 make sure the following route is defined :-
10.10.2.0 mask 255.255.255.0 gateway 10.9.1.133

At the co-lo end I assume everything goes via the PIX?

On the PIX-PIX VPN configuration at both ends you will need to check the access-list which defines which traffic is to be sent across the VPN and make sure it includes traffic from 10.10.2.0.

cogit (Author) Commented:
Here is what is on the PIX:
route outside 0.0.0.0 0.0.0.0 76.x.x.x
route inside 10.10.1.0 255.255.255.0 10.9.1.130 1
route inside 10.10.2.0 255.255.255.0 10.9.1.133 1
route inside 10.12.0.0 255.255.255.0 10.9.1.130 1


On the PIX 506:

access-list nonat permit ip 10.10.0.0 255.255.0.0 10.20.2.0 255.255.255.0
access-list nonat permit ip 10.12.0.0 255.255.0.0 10.20.2.0 255.255.255.0

access-list IBM-link-acl permit ip 10.12.0.0 255.255.0.0 10.20.2.0 255.255.255.0
access-list IBM-link-acl permit ip 10.10.0.0 255.255.0.0 10.20.2.0 255.255.255.0

On the other PIX I should have one that says (something to this effect?):
access-list xxx permit ip 10.20.2.0 255.255.255.0 10.10.0.0 255.255.0.0
access-list xxx permit ip 10.20.2.0 255.255.255.0 10.12.0.0 255.255.0.0

cogit (Author) Commented:
resolved it
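
An added example, not part of the original thread: a Python check of the three conditions grblades lists (return route to the concentrator, NAT exemption, crypto ACL coverage), run against the PIX 506 lines cogit posted, plus the mirrored ACL lines for the peer. The function names are illustrative, the pool is taken as 10.10.2.0/24 as in grblades' routes, and the roles of `nonat` and `IBM-link-acl` are inferred from their names.

```python
import ipaddress
# Lines copied from the PIX 506 output posted in the thread.
PIX_CONFIG = """\
route inside 10.10.1.0 255.255.255.0 10.9.1.130 1
route inside 10.10.2.0 255.255.255.0 10.9.1.133 1
route inside 10.12.0.0 255.255.255.0 10.9.1.130 1
access-list nonat permit ip 10.10.0.0 255.255.0.0 10.20.2.0 255.255.255.0
access-list nonat permit ip 10.12.0.0 255.255.0.0 10.20.2.0 255.255.255.0
access-list IBM-link-acl permit ip 10.12.0.0 255.255.0.0 10.20.2.0 255.255.255.0
access-list IBM-link-acl permit ip 10.10.0.0 255.255.0.0 10.20.2.0 255.255.255.0
"""

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse(config):
    """Return (routes, acls): routes as (network, gateway), acls as name -> [(src, dst)]."""
    routes, acls = [], {}
    for line in config.splitlines():
        f = line.split()
        if f[:1] == ["route"] and len(f) >= 5:
            routes.append((net(f[2], f[3]), ipaddress.ip_address(f[4])))
        elif f[:1] == ["access-list"] and f[2:4] == ["permit", "ip"] and len(f) == 8:
            acls.setdefault(f[1], []).append((net(f[4], f[5]), net(f[6], f[7])))
    return routes, acls

def covers(entries, src, dst):
    return any(src.subnet_of(s) and dst.subnet_of(d) for s, d in entries)

def gateway_for(routes, dst):
    """Next hop chosen by longest-prefix match, or None if no route matches."""
    hits = [(n, g) for n, g in routes if dst.subnet_of(n)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def mirror(name, entries):
    """Peer-side lines: the same entries with source and destination swapped."""
    return [f"access-list {name} permit ip {d.network_address} {d.netmask} "
            f"{s.network_address} {s.netmask}" for s, d in entries]

def check(config, pool, colo, concentrator, nonat="nonat", crypto="IBM-link-acl"):
    """pool and colo are CIDR strings; concentrator is its private address."""
    routes, acls = parse(config)
    src, dst = ipaddress.ip_network(pool), ipaddress.ip_network(colo)
    return {"return_route": gateway_for(routes, src) == ipaddress.ip_address(concentrator),
            "nonat": covers(acls.get(nonat, []), src, dst),
            "crypto": covers(acls.get(crypto, []), src, dst)}

if __name__ == "__main__":
    print(check(PIX_CONFIG, "10.10.2.0/24", "10.20.2.0/24", "10.9.1.133"))
```

A `False` under `crypto` or `nonat` means pool traffic would not be selected for the tunnel or would be translated first; the `mirror()` output is what the co-lo PIX's matching list needs to contain.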