Site to Site VPN and Point to Point routing help. 500 pts to the winner
Posted on 2007-07-25
Hello, I have an ASA5510 for a firewall, and it also terminates a site to site vpn and client vpns. The corporate office also has a point to point with another office via a Cisco 2800 series router. At the corporate office all end user devices are given the point to point router IP address as the D/G. That router has a route in it that pushes traffic over to the ASA5510 if it is not destined for the other side of the point to point. The info is as follows:
Corporate office ASA5510 IP address 192.168.0.1 /24 subnet
Corporate office C2800 router (point to point with office 2) internal IP 192.168.0.254
Office 2 (other side of point to point) - C2800 series router internal IP 192.168.1.254
Office 3 (other side of site to site vpn) ASA5505 - Internal network of 192.168.2.0 /24
Right now, Office 3 can ping to the corporate office across the VPN tunnel. It cannot ping to office 2. I.e., I cannot ping 192.168.1.20 from 192.168.2.10
Office 2 can ping corporate via the point to point T1, but it cannot ping to Office 3 by going through corporate and then the site to site.
Lastly, remote access clients who VPN into the ASA5510 can access corporate resources, but they cannot access the office at the other end of the site to site or the point to point T1.
My questions are as follows:
1. How can I make it so that Office 3 can communicate to office 2? The path would be through the vpn tunnel to the point to point ethernet interface at corporate, then through the T1 to the remote office.
2. How can I make it so that remote users can VPN into Corporate but still be able to access the office across the point to point T1?
I believe I just need a couple of route statements on my firewall and possibly something to bypass nat? Help would be greatly appreciated.