Solved

Cisco VPN 3005 Concentrator static route

Posted on 2006-10-27
Last Modified: 2010-04-12
I have 2 networks connected by a pt to pt t1. Users in both offices can access resources in each office. At the main office, I have a Cisco 3005 Concentrator for road users. The remote users logged into the Concentrator cannot access the server on the remote subnet. I added a static route on the concentrator for the remote subnet. Is there something else I need to do for the road users to see the remote subnet? The road users are on the same subnet as the main office when logged in to the VPN.
Question by:jim0816

Accepted Solution

by:
lrmoore earned 500 total points
ID: 17823376
You also need to add a route on the T1 router(s) for the subnet/pool of IPs being used by the VPN clients.

Author Comment

by:jim0816
ID: 17825735
Ok this now becomes a 2 part question.  I now need to resolve the subnetting.  I will bump the points to 500 and split if needed.  

 My main office subnet was 10.10.1.0/24.  I have changed to 2 subnets 10.10.1.128 (for vpn users) and 10.10.1.0 (for office users) with mask 255.255.255.128.  I put a static route for 10.10.1.128 to the inside interface of the 3005 (10.10.1.5).   I still cannot see the remote subnet from the concentrator.   Here is a diagram:

10.10.3.0 --- 10.10.3.100 (remote t1 router) --- 192.168.1.2 --- t1 --- 192.168.1.1 --- 10.10.1.100 (local t1 router) ---|
  |--- 10.10.1.5 (cisco 3005) --- 10.10.1.128/255.255.255.128 (subnet for vpn users)
  |--- 10.10.1.0/255.255.255.128 (local users)
  |--- 10.10.1.101 --- internet

Is the subnetting correct?

Expert Comment

by:lrmoore
ID: 17825836
The subnetting will work fine as long as every single device has the same mask.
Remote T1 router has default pointing to 192.168.1.1 ?
  ip route 0.0.0.0 0.0.0.0 192.168.1.1 ??

Local T1 router has default pointing to 10.10.1.101 Internet? Is this a firewall? PIX? Router?
 ip route 10.10.3.0 255.255.255.0 192.168.1.2
 ip route 0.0.0.0 0.0.0.0 10.10.1.101
 ip route 10.10.1.128 255.255.255.128 10.10.1.5

3005 has route statement equivalent to:
 ip route 10.10.3.0 255.255.255.0 10.10.1.100  <== pointing to  local T1 router

Assuming that the Internet router/firewall serves remote office also, it needs routes, too. This is PIX syntax
 route inside 10.10.3.0 255.255.255.0 10.10.1.100

Now the biggie -- IF the Internet is a PIX, then the following MUST be TRUE:
 All local LAN clients point default gateway to LOCAL T1 ROUTER - 10.10.1.100
 NOT to the PIX.
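
Added example, not part of the original thread: a Python model of the route tables listed above that traces a packet hop by hop and shows why the reply from 10.10.3.0 never reaches a VPN client until the local T1 router has the 10.10.1.128 route. The /30 mask on the T1 link, the host addresses 10.10.3.10 and 10.10.1.130, and treating the VPN pool as directly attached to the 3005 are assumptions made for the model.

```python
import ipaddress

# Which modelled device owns each next-hop address (addresses from the thread's diagram).
OWNER = {"192.168.1.2": "remote_t1", "192.168.1.1": "local_t1",
         "10.10.1.100": "local_t1", "10.10.1.5": "vpn3005"}

def build_topology(vpn_pool_route=True):
    """Route tables per device: (prefix, next hop), next hop None = directly connected."""
    local_t1 = [("10.10.1.0/25", None),            # local users
                ("192.168.1.0/30", None),          # T1 link, mask assumed
                ("10.10.3.0/24", "192.168.1.2"),
                ("0.0.0.0/0", "10.10.1.101")]      # default to the Internet device
    if vpn_pool_route:
        local_t1.append(("10.10.1.128/25", "10.10.1.5"))   # the route the answer adds
    return {
        "remote_t1": [("10.10.3.0/24", None), ("192.168.1.0/30", None),
                      ("0.0.0.0/0", "192.168.1.1")],
        "local_t1": local_t1,
        "vpn3005": [("10.10.1.0/25", None),
                    ("10.10.1.128/25", None),      # VPN pool, modelled as attached
                    ("10.10.3.0/24", "10.10.1.100")],
    }

def lookup(table, dst):
    """Longest-prefix match; returns (network, next_hop) or None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), nh) for p, nh in table]
    hits = [(n, nh) for n, nh in nets if addr in n]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def trace(topology, start, dst, max_hops=8):
    """Follow next hops from `start` towards `dst`; returns (path, outcome)."""
    path, device = [start], start
    for _ in range(max_hops):
        hit = lookup(topology[device], dst)
        if hit is None:
            return path, "no route"
        next_hop = hit[1]
        if next_hop is None:
            return path, "delivered"
        device = OWNER.get(next_hop)
        if device is None:                         # handed to a device outside the model
            return path + [next_hop], "left modelled network"
        path.append(device)
    return path, "loop"

if __name__ == "__main__":
    for fixed in (False, True):
        topo = build_topology(vpn_pool_route=fixed)
        print("pool route on local T1:", fixed)
        print("  client -> server:", trace(topo, "vpn3005", "10.10.3.10"))
        print("  server -> client:", trace(topo, "remote_t1", "10.10.1.130"))
```

Without the pool route the forward path still works, but the reply follows the local T1 router's default to 10.10.1.101 instead of going to the concentrator at 10.10.1.5.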



Author Comment

by:jim0816
ID: 17828949
Thanks for the help.   All works well.  