Solved

Cisco VPN 3005 Concentrator static route

Posted on 2006-10-27
4
382 Views
Last Modified: 2010-04-12
I have 2 networks connected by a pt to pt t1.  Users in both offices can access resources in each office.  At the main office, I have a Cisco 3005 Concentrator for road users.  The remote users logged into the Concentrator cannot access the server on the remote subnet.  I  added a static route on the concentrator for the remote subnet.  Is there something else I need to do for the road users to see the remote subnet?  The road users are on the same subnet as the main office when logged in to the VPN.
0
Comment
Question by:jim0816
  • 2
  • 2
4 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 17823376
You also need to add a route on the T1 router(s) for the subnet/pool of IP's being used by the VPN clients
0
 

Author Comment

by:jim0816
ID: 17825735
Ok this now becomes a 2 part question.  I now need to resolve the subnetting.  I will bump the points to 500 and split if needed.  

 My main office subnet was 10.10.1.0/24.  I have changed to 2 subnets 10.10.1.128 (for vpn users) and 10.10.1.0 (for office users) with mask 255.255.255.128.  I put a static route for 10.10.1.128 to the inside interface of the 3005 (10.10.1.5).   I still cannot see the remote subnet from the concentrator.   Here is a diagram:

10.10.3.0 ------10.10.3.100 (remote t1 router)--192.168.1.2-----------t1-----------192.168.1.1--10.10.1.100(local t1 router)-------------|
                                                                                                                                                                                               |-----10.10.1.5(cisco 3005)-----10.10.1.128/255.255.255.128(subnet for vpn users)
                                                                                                                                                                                               |------10.10.1.0/255.255.255.128(local users)
                                                                                                                                                                                               |---10.10.1.101----internet

Is the subnetting correct?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 17825836
The subnetting will work fine as long as every single device has the same mask.
Remote T1 router has default pointing to 192.168.1.1 ?
  ip route 0.0.0.0 0.0.0.0 192.168.1.1 ??

Local T1 router has default pointing to 10.10.1.101 Internet? Is this a firewall? PIX? Router?
 ip route 10.10.3.0 255.255.255.0 192.168.1.2
 ip route 0.0.0.0 0.0.0.0 10.10.1.101
 ip route 10.10.1.128 255.255.255.128 10.10.1.5

3005 has route statement equivilent to:
 ip route 10.10.3.0 255.255.255.0 10.10.1.100  <== pointing to  local T1 router

Assuming that the Internet router/firewall serves remote office also, it needs routes, too. This is PIX syntax
 route inside 10.10.3.0 255.255.255.0 10.10.1.100

Now the biggie -- IF the Internet is a PIX, then the following MUST be TRUE:
 All local LAN clients point default gateway to LOCAL T1 ROUTER - 10.10.1.100
 NOT to the PIX.


0
 

Author Comment

by:jim0816
ID: 17828949
Thanks for the help.   All works well.  
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now