cogit
asked on
3000 concentrator question
Our network topology is as follows:
perm router-->pix 506-->3600 router-->local lan
We have a 3000 concentrator in between the perm and PIX 506 that is set up for users for VPN.
The PIX is set up for PIX-to-PIX VPN with a colo.
Users who authenticate in through the VPN want to access the subnet on the colo. I tried adding a static route for the colo subnet on the 3000 but it fails. Can it be done?
ASKER
Here is the topology
Perm router so: 75.X.X.X
E0: 76.X.X.X
3000 concentrator: public:76.x.x.x
private:10.9.1.133
Local pool 10.10.2.80-100 (on the concentrator)
Pix 506. outside 76.x.x.x
inside 10.9.1.131
Router 3600
eo:10.9.1.130
fa/01: 10.12.0.0 (local network)
fa/0:10.10.1.0
The PIX 506 is set up with PIX-to-PIX VPN to connect to the colo 10.20.2.x network.
When inside the internal network 10.12.0.x we of course can connect to the 10.20.2.0 colo network.
On the 3000 there is an IP routing tab where you can place static routes.
ASKER
Here is what is on the PIX:
route outside 0.0.0.0 0.0.0.0 76.x.x.x
route inside 10.10.1.0 255.255.255.0 10.9.1.130 1
route inside 10.10.2.0 255.255.255.0 10.9.1.133 1
route inside 10.12.0.0 255.255.255.0 10.9.1.130 1
on the pix 506
access-list nonat permit ip 10.10.0.0 255.255.0.0 10.20.2.0 255.255.255.0
access-list nonat permit ip 10.12.0.0 255.255.0.0 10.20.2.0 255.255.255.0
access-list IBM-link-acl permit ip 10.12.0.0 255.255.0.0 10.20.2.0 255.255.255.0
access-list IBM-link-acl permit ip 10.10.0.0 255.255.0.0 10.20.2.0 255.255.255.0
On the other PIX I should have something that says (something to this effect?):
access-list xxx permit ip 10.20.2.0 255.255.255.0 10.10.0.0 255.255.0.0
access-list xxx permit ip 10.20.2.0 255.255.255.0 10.12.0.0 255.255.0.0
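An added example, not part of the original thread: a Python check that the concentrator's client pool is matched by the PIX 506 `nonat` and `IBM-link-acl` entries posted above, and that the peer's ACL holds an exact mirror of each crypto entry. The two peer configurations are constructed samples that reuse the asker's placeholder name `xxx`; the function names are illustrative.

```python
import ipaddress

# ACL lines as posted for the PIX 506.
LOCAL_PIX = """\
access-list nonat permit ip 10.10.0.0 255.255.0.0 10.20.2.0 255.255.255.0
access-list nonat permit ip 10.12.0.0 255.255.0.0 10.20.2.0 255.255.255.0
access-list IBM-link-acl permit ip 10.12.0.0 255.255.0.0 10.20.2.0 255.255.255.0
access-list IBM-link-acl permit ip 10.10.0.0 255.255.0.0 10.20.2.0 255.255.255.0
"""
# Constructed peer samples: one complete mirror, one missing the 10.10.0.0 entry.
PEER_COMPLETE = """\
access-list xxx permit ip 10.20.2.0 255.255.255.0 10.10.0.0 255.255.0.0
access-list xxx permit ip 10.20.2.0 255.255.255.0 10.12.0.0 255.255.0.0
"""
PEER_PARTIAL = """\
access-list xxx permit ip 10.20.2.0 255.255.255.0 10.12.0.0 255.255.0.0
"""

def parse_acl(config, name):
    """Return (src_net, dst_net) for each 'access-list <name> permit ip' line."""
    entries = []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) == 8 and tok[:4] == ["access-list", name, "permit", "ip"]:
            # strict=False tolerates host bits set in the posted network address
            src = ipaddress.ip_network(f"{tok[4]}/{tok[5]}", strict=False)
            dst = ipaddress.ip_network(f"{tok[6]}/{tok[7]}", strict=False)
            entries.append((src, dst))
    return entries

def covers(entries, src_ip, dst_ip):
    """True if some entry matches a packet from src_ip to dst_ip."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return any(s in src and d in dst for src, dst in entries)

def missing_mirrors(local, peer):
    """Local entries that have no exact reversed (dst, src) entry on the peer."""
    peer_set = set(peer)
    return [(src, dst) for src, dst in local if (dst, src) not in peer_set]

if __name__ == "__main__":
    crypto = parse_acl(LOCAL_PIX, "IBM-link-acl")
    # 10.10.2.80 is the first address of the concentrator's local pool.
    print("pool in crypto ACL:", covers(crypto, "10.10.2.80", "10.20.2.10"))
    print("pool in nonat ACL:",
          covers(parse_acl(LOCAL_PIX, "nonat"), "10.10.2.80", "10.20.2.10"))
    for src, dst in missing_mirrors(crypto, parse_acl(PEER_PARTIAL, "xxx")):
        print(f"peer lacks mirror: permit ip {dst} -> {src}")
```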
ASKER
Resolved it.
Please explain where the colo network connects in your diagram above.