I have 6 internal 192.168 networks behind a firewall. I need VPN access to these networks but I can't make the firewall itself the VPN endpoint.
I have the following setup.
I have a VPN in place between my office (Cisco PIX506E) and a Cisco 2811 router. I then need to get from the router to the 192.168 networks behind a firewall which I don't directly manage.
+------------------+           +------------------+           +-------------------+        +---- 192.168.0.0/24
| PIX506E          |           | 2811             |           | Firewall          |        +---- 192.168.1.0/24
| Ins 192.168.50.1 |-----------| Ins 88.88.88.1   |-----------| Ins 192.168.100.1 |--------+---- 192.168.2.0/24
| Out 99.99.99.1   |           | Out 77.77.77.1   |           | Out 88.88.88.2    |        +---- 192.168.3.0/24
+------------------+           +------------------+           +-------------------+        +---- 192.168.4.0/24
I have my VPN set up between two endpoints - 99.99.99.1 and 77.77.77.1.
What static route statements do I need now, and where do I need them, to ensure that I get from the 192.168.50.0/24 network behind my PIX through to the 192.168.0-5.0/24 networks behind the firewall and back again? I have tried a number of different configs and haven't yet been able to get this to work.
Also, in my crypto access lists for the traffic to be protected by the VPN, I assume I need to add an entry for the destination 192.168.0-5.0/24 networks, as well as entries for the inside networks on the PIX and 2811.
Any help would be greatly appreciated.
Thanks.