Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 412
  • Last Modified:

Cisco VPN 3005 Concentrator static route

I have 2 networks connected by a pt to pt t1.  Users in both offices can access resources in each office.  At the main office, I have a Cisco 3005 Concentrator for road users.  The remote users logged into the Concentrator cannot access the server on the remote subnet.  I  added a static route on the concentrator for the remote subnet.  Is there something else I need to do for the road users to see the remote subnet?  The road users are on the same subnet as the main office when logged in to the VPN.
0
jim0816
Asked:
jim0816
  • 2
  • 2
1 Solution
 
lrmooreCommented:
You also need to add a route on the T1 router(s) for the subnet/pool of IP's being used by the VPN clients
0
 
jim0816Author Commented:
Ok this now becomes a 2 part question.  I now need to resolve the subnetting.  I will bump the points to 500 and split if needed.  

 My main office subnet was 10.10.1.0/24.  I have changed to 2 subnets 10.10.1.128 (for vpn users) and 10.10.1.0 (for office users) with mask 255.255.255.128.  I put a static route for 10.10.1.128 to the inside interface of the 3005 (10.10.1.5).   I still cannot see the remote subnet from the concentrator.   Here is a diagram:

10.10.3.0 ------10.10.3.100 (remote t1 router)--192.168.1.2-----------t1-----------192.168.1.1--10.10.1.100(local t1 router)-------------|
                                                                                                                                                                                               |-----10.10.1.5(cisco 3005)-----10.10.1.128/255.255.255.128(subnet for vpn users)
                                                                                                                                                                                               |------10.10.1.0/255.255.255.128(local users)
                                                                                                                                                                                               |---10.10.1.101----internet

Is the subnetting correct?
0
 
lrmooreCommented:
The subnetting will work fine as long as every single device has the same mask.
Remote T1 router has default pointing to 192.168.1.1 ?
  ip route 0.0.0.0 0.0.0.0 192.168.1.1 ??

Local T1 router has default pointing to 10.10.1.101 Internet? Is this a firewall? PIX? Router?
 ip route 10.10.3.0 255.255.255.0 192.168.1.2
 ip route 0.0.0.0 0.0.0.0 10.10.1.101
 ip route 10.10.1.128 255.255.255.128 10.10.1.5

3005 has route statement equivilent to:
 ip route 10.10.3.0 255.255.255.0 10.10.1.100  <== pointing to  local T1 router

Assuming that the Internet router/firewall serves remote office also, it needs routes, too. This is PIX syntax
 route inside 10.10.3.0 255.255.255.0 10.10.1.100

Now the biggie -- IF the Internet is a PIX, then the following MUST be TRUE:
 All local LAN clients point default gateway to LOCAL T1 ROUTER - 10.10.1.100
 NOT to the PIX.


0
 
jim0816Author Commented:
Thanks for the help.   All works well.  
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now