jim0816
Cisco VPN 3005 Concentrator static route
I have 2 networks connected by a pt to pt t1. Users in both offices can access resources in each office. At the main office, I have a Cisco 3005 Concentrator for road users. The remote users logged into the Concentrator cannot access the server on the remote subnet. I added a static route on the concentrator for the remote subnet. Is there something else I need to do for the road users to see the remote subnet? The road users are on the same subnet as the main office when logged in to the VPN.
ASKER CERTIFIED SOLUTION
The subnetting will work fine as long as every single device has the same mask.
Remote T1 router has default pointing to 192.168.1.1 ?
ip route 0.0.0.0 0.0.0.0 192.168.1.1 ??
Local T1 router has default pointing to 10.10.1.101 Internet? Is this a firewall? PIX? Router?
ip route 10.10.3.0 255.255.255.0 192.168.1.2
ip route 0.0.0.0 0.0.0.0 10.10.1.101
ip route 10.10.1.128 255.255.255.128 10.10.1.5
3005 has route statement equivalent to:
ip route 10.10.3.0 255.255.255.0 10.10.1.100 <== pointing to local T1 router
Assuming that the Internet router/firewall serves remote office also, it needs routes, too. This is PIX syntax:
route inside 10.10.3.0 255.255.255.0 10.10.1.100
Now the biggie -- IF the Internet is a PIX, then the following MUST be TRUE:
All local LAN clients point default gateway to LOCAL T1 ROUTER - 10.10.1.100
NOT to the PIX.
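An added example, not part of the original thread: a hop-by-hop longest-prefix-match trace over the route statements quoted in the answer, showing the forward path from the 3005 to the remote subnet and the return path to the VPN pool with and without the 10.10.1.128 route on the local T1 router. The connected networks, the /30 mask on the T1 link, and the host addresses 10.10.3.50 and 10.10.1.130 are assumptions made for the illustration.

```python
import copy
import ipaddress

# Static routes are the ones quoted in the answer. The "connected" networks,
# the /30 on the T1 link and the two host addresses traced are assumptions.
ROUTERS = {
    "remote_t1": {"addrs": ["10.10.3.100", "192.168.1.2"],
                  "connected": ["10.10.3.0/24", "192.168.1.0/30"],
                  "static": {"0.0.0.0/0": "192.168.1.1"}},
    "local_t1": {"addrs": ["10.10.1.100", "192.168.1.1"],
                 "connected": ["10.10.1.0/25", "192.168.1.0/30"],
                 "static": {"10.10.3.0/24": "192.168.1.2",
                            "0.0.0.0/0": "10.10.1.101",
                            "10.10.1.128/25": "10.10.1.5"}},
    "vpn3005": {"addrs": ["10.10.1.5"],
                "connected": ["10.10.1.0/25", "10.10.1.128/25"],
                "static": {"10.10.3.0/24": "10.10.1.100"}},
    # The PIX's own Internet default route is deliberately not modeled.
    "pix": {"addrs": ["10.10.1.101"],
            "connected": ["10.10.1.0/25"],
            "static": {"10.10.3.0/24": "10.10.1.100"}},
}

def trace(start, dst, routers=ROUTERS, max_hops=8):
    """Follow longest-prefix-match lookups hop by hop; return (hops, verdict)."""
    dst_ip, node, hops = ipaddress.ip_address(dst), start, [start]
    for _ in range(max_hops):
        table = routers[node]
        if any(dst_ip in ipaddress.ip_network(n) for n in table["connected"]):
            return hops, "delivered"
        matches = [(ipaddress.ip_network(p), nh)
                   for p, nh in table["static"].items()
                   if dst_ip in ipaddress.ip_network(p)]
        if not matches:
            return hops, "no route"
        next_hop = max(matches, key=lambda m: m[0].prefixlen)[1]
        node = next(n for n, r in routers.items() if next_hop in r["addrs"])
        hops.append(node)
    return hops, "loop"

def without_pool_route():
    """Same site, but the local T1 router lacks the route to the VPN pool."""
    broken = copy.deepcopy(ROUTERS)
    del broken["local_t1"]["static"]["10.10.1.128/25"]
    return broken

if __name__ == "__main__":
    print(trace("vpn3005", "10.10.3.50"))                         # forward path
    print(trace("remote_t1", "10.10.1.130"))                      # return path
    print(trace("remote_t1", "10.10.1.130", without_pool_route()))
```

Without the pool route, the reply from the remote subnet follows the local T1 router's default to 10.10.1.101 instead of reaching the concentrator at 10.10.1.5.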
ASKER
Thanks for the help. All works well.
ASKER
My main office subnet was 10.10.1.0/24. I have changed to 2 subnets 10.10.1.128 (for vpn users) and 10.10.1.0 (for office users) with mask 255.255.255.128. I put a static route for 10.10.1.128 to the inside interface of the 3005 (10.10.1.5). I still cannot see the remote subnet from the concentrator. Here is a diagram:
10.10.3.0 ------10.10.3.100 (remote t1 router)--192.168.1.2------
|-----10.10.1.5(cisco 3005)-----10.10.1.128/255.
|------10.10.1.0/255.255.2
|---10.10.1.101----interne
Is the subnetting correct?