First of all, I know that a PIX is not a router.
My situation is this:
Router A (Cisco 17xx) has a public IP a.b.c.d on Ethernet interface.
Router B (Cisco 26xx) has a public IP e.f.g.h on Ethernet Interface.
PIX A (501) is w.x.y.z outside
PIX A (506) is 192.168.16.129/255.255.255
PIX B is s.t.u.v outside
PIX B is 172.17.0.1/255.255.0.0 Inside
Data Center Firewall (Linux running Freeswan and also a router with iptables)
the DCFW is running two VPNs, one to Office A, the other to Office B
The issue is that from office A using an internal IP of 192.168.16.134, we can ping the DC VPN (192.168.16.0/255.255.255.128) just fine, but are not able to ping across to 172.17.0.0. The DNS is pointing to a server in the DC 192.168.16.2. Some of the sites that are requested are behind the DCFW, so when going to www.company.com, it's attempting to use 192.168.3.45.
What's happening is that the PIX is only routing traffic for 192.168.16.0/255.255.255.128 through the VPN. It's routing 0.0.0.0 to the router, that has no idea how to get to the rest of the networks.
Question is - how do I get the router to pass 192.168.0.0/255.255.0.0 back to the PIX over the VPN. Also, how can I tell it to find 172.17.0.0 over at Office B...
I'm assuming I need to tell the PIX to do it, otherwise, I'm going to have a nice loop...
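On a PIX 6.x, which networks are sent through an IPsec tunnel is decided by the access list bound to the crypto map entry (`match address`) and the matching `nat (inside) 0` exemption, not by a route: anything the crypto ACL does not match falls through to the default route toward the Ethernet router, which is the behaviour described above. The fragment below is an added illustration of that mechanism and is not configuration from the original post or from either office's PIX. It assumes the Office A inside network is 192.168.16.128/25 (the mask in the post is cut off), that the crypto map is named `dcmap` with sequence 10, that the ACL is named `office-a-to-dc`, and that the DCFW's public address is the placeholder `DCFW_PUBLIC_IP`; the transform set name `dcset` is also assumed.

```cisco
! Added example: PIX 6.x crypto ACL selecting tunnel traffic (not the poster's config).
! Each line is one "interesting traffic" pair; only packets matching one of
! them are encrypted toward the DCFW, everything else takes the default route.
access-list office-a-to-dc permit ip 192.168.16.128 255.255.255.128 192.168.16.0 255.255.255.128
access-list office-a-to-dc permit ip 192.168.16.128 255.255.255.128 172.17.0.0 255.255.0.0
! 192.168.0.0/16 covers the rest of the DC (e.g. 192.168.3.45 behind the DCFW);
! it also overlaps the local /25, which is harmless because local traffic never reaches the outside interface.
access-list office-a-to-dc permit ip 192.168.16.128 255.255.255.128 192.168.0.0 255.255.0.0

! Same ACL exempts the tunnel traffic from NAT so inside addresses cross the VPN unchanged.
nat (inside) 0 access-list office-a-to-dc

! Bind the ACL to the crypto map entry that points at the DCFW (peer/transform set assumed).
crypto map dcmap 10 ipsec-isakmp
crypto map dcmap 10 match address office-a-to-dc
crypto map dcmap 10 set peer DCFW_PUBLIC_IP
crypto map dcmap 10 set transform-set dcset
crypto map dcmap interface outside
```

Two caveats a practitioner would check before relying on this. First, the far end must agree: FreeS/WAN negotiates one Phase 2 SA per subnet pair, so the DCFW needs a `conn` whose `leftsubnet`/`rightsubnet` matches each ACL line (and the Office B PIX needs the mirror-image entries for 192.168.16.128/25), or Phase 2 fails with a proposal mismatch in the logs. Second, because the selection is done by the ACL rather than by a route, adding the networks to the router's routing table (as the post considers) would not by itself make the PIX encrypt them, and a router route pointing back at the PIX inside interface for a prefix the PIX does not tunnel is exactly the loop the poster is worried about.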