Site to Site VPN with PIX
Posted on 2006-05-22
I need some assistance with a configuration that is slightly different from what I am used to. Normally, when configuring a site-to-site VPN, I will use one access list for no-NAT purposes, such as:
access-list NoNAT permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.0
nat (inside) 0 access-list NoNAT
And another access list for the traffic to permit through the tunnel:
access-list VPNTraffic permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.0
crypto map MAP 10 match address VPNTraffic
This usually works without any problem. I now need to configure the PIX such that only one host on each end is able to communicate through the tunnel. I changed one access list to:
access-list VPNTraffic permit ip host 192.168.0.x host 192.168.10.x
thinking that would suffice, but I cannot ping through the tunnel from 192.168.0.x to 192.168.10.x or vice versa.
Any assistance with configuring what i need to accomplish is appreciated.
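The following is an added example, not configuration from the original post, showing the host-to-host form of the two access lists on both peers. The host addresses 192.168.0.5 and 192.168.10.7, the assumption that the remote end is also a PIX using the same access-list and crypto-map names, and the `!` comment lines (annotations only, drop them when pasting) are all assumptions made here for illustration; the original post shows only the local side.

```cisco
! ---- Local PIX (inside network 192.168.0.0/24) ----
! Narrow BOTH lists to the single host pair. If NoNAT stays at subnet scope
! while the crypto ACL is host-scoped, traffic from the other inside hosts to
! 192.168.10.0/24 still bypasses NAT but no longer matches the crypto map, so
! it leaves the outside interface in the clear with its private source address
! instead of being dropped.
access-list NoNAT permit ip host 192.168.0.5 host 192.168.10.7
nat (inside) 0 access-list NoNAT
access-list VPNTraffic permit ip host 192.168.0.5 host 192.168.10.7
crypto map MAP 10 match address VPNTraffic

! ---- Remote PIX (inside network 192.168.10.0/24) ----
! The crypto ACL must be the exact mirror image of the local one: same two
! hosts, source and destination swapped. A remote ACL still written as
! 192.168.10.0/24 -> 192.168.0.0/24 does not match the local host-to-host
! proxy identities and IKE phase 2 will not complete.
access-list NoNAT permit ip host 192.168.10.7 host 192.168.0.5
nat (inside) 0 access-list NoNAT
access-list VPNTraffic permit ip host 192.168.10.7 host 192.168.0.5
crypto map MAP 10 match address VPNTraffic

! ---- Checks after changing either side ----
! Tear down the old security associations so the new proxy identities are
! negotiated, then look at the local/remote ident lines and the debug output
! while pinging from 192.168.0.5 to 192.168.10.7.
clear crypto ipsec sa
clear crypto isakmp sa
show crypto ipsec sa
debug crypto ipsec
```

The post does not show the remote peer's configuration, so the cause of the failing ping is not confirmed by the page; a crypto ACL narrowed on one side only is the most common reason for exactly this symptom, and `debug crypto ipsec` on either PIX will report the proxy-identity mismatch if that is what is happening. Restricting the tunnel to one host pair also means the ping must originate from the permitted host itself, not from the PIX or from another machine on the subnet.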