We help IT Professionals succeed at work.
Get Started
Complex VPN Config - VPN to a network not on the VPN connected device (behind a second firewall)
I have 6 internal 192.168 networks behind a firewall. I need VPN access to these networks but I can't make the firewall itself the VPN endpoint.
I have the following setup.
I have a VPN in place between my office (Cisco PIX506E) and a Cisco 2811 router. I then need to get from the router to the 192.168 networks behind a firewall which I don't directly manage.
+-------------------+ +-------------------+ +---------------------+ +--------192.168.0.0/24
| PIX506E | | 2811 | | Firewall | +--------192.168.1.0/24
|Ins 192.168.50.1 |-------------|Ins 88.88.88.1 |-----------|Ins 192.168.100.1|------------
|Out 99.99.99.1 | |Out 77.77.77.1 | |Out 88.88.88.2 | +--------192.168.3.0/24
+--------------------+ +-------------------+ +--------------------+ +--------192.168.4.0/24
I have ny VPN setup between two endpoints - 99.99.99.1 and 77.77.77.1.
What static route statements do I need now, and where do I need them, to ensure that I get from the 192.168.50.0/24 network behind my PIx through to the 192.168.0-5.0/24 networks behind the firewall and back again ? I have tried a number of different configs and haven't yet been able to get this to work.
Also, in my crypto access lists for the traffic to be protected by the VPN, I assume I need to add an entry for the destination 192.168.0-5.0/24 networks, as well as entries for the inside networks on the PIX and 2811.
Any help would be greatly appreciated.
Thanks.
I have the following setup.
I have a VPN in place between my office (Cisco PIX506E) and a Cisco 2811 router. I then need to get from the router to the 192.168 networks behind a firewall which I don't directly manage.
+-------------------+ +-------------------+ +---------------------+ +--------192.168.0.0/24
| PIX506E | | 2811 | | Firewall | +--------192.168.1.0/24
|Ins 192.168.50.1 |-------------|Ins 88.88.88.1 |-----------|Ins 192.168.100.1|------------
|Out 99.99.99.1 | |Out 77.77.77.1 | |Out 88.88.88.2 | +--------192.168.3.0/24
+--------------------+ +-------------------+ +--------------------+ +--------192.168.4.0/24
I have ny VPN setup between two endpoints - 99.99.99.1 and 77.77.77.1.
What static route statements do I need now, and where do I need them, to ensure that I get from the 192.168.50.0/24 network behind my PIx through to the 192.168.0-5.0/24 networks behind the firewall and back again ? I have tried a number of different configs and haven't yet been able to get this to work.
Also, in my crypto access lists for the traffic to be protected by the VPN, I assume I need to add an entry for the destination 192.168.0-5.0/24 networks, as well as entries for the inside networks on the PIX and 2811.
Any help would be greatly appreciated.
Thanks.
Why Experts Exchange?
Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.
Jim Murphy
Programmer at Smart IT Solutions
When asked, what has been your best career decision?
Deciding to stick with EE.
Mohamed Asif
Technical Department Head
Being involved with EE helped me to grow personally and professionally.
Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question
Connect with Certified Experts to gain insight and support on specific technology challenges including:
- Troubleshooting
- Research
- Professional Opinions
Did You Know?
We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE