LAN To LAN VPN between 3005 Concentrator and Netscreen

Posted on 2008-10-03
Last Modified: 2012-08-14
The VPN tunnel is up between sites; however, some IP addresses are not pingable behind the 3005 Concentrator side ... 10.9.2.x network.

Edge Router: - (switch where outside concentrator resides) PIX- Core Switch

Pix Firewall
ip address outside ( Nat from edge router)
ip address inside
ip address dmz
route outside 1
route inside 1
route inside 1
route inside 1
route inside 1


inside :

Core Switch

interface Vlan1
 ip address
 ipx network 1560B encapsulation SAP
interface Vlan2
 ip address
interface Vlan3
 ip address
interface Vlan6
 ip address
 ipx network 1560C encapsulation SAP
interface Vlan7
 ip address
interface Vlan4090
 ip address
ip route
ip route Vlan2
ip route
ip route Vlan6
ip route
ip route Vlan3

I can hit everything from my side to
I can hit ( but nothing else unless we place route add statements on the Windows boxes in the 10.9.2.x network)


Question by:cogit

Accepted Solution

lrmoore earned 500 total points
ID: 22640577
I would bet that the default gateway for 10.9.2.x hosts = PIX firewall and not the L3 core switch?
You have to change their default to

BTW, never add static routes to directly connected networks. The device is smart enough to know what is connected where.
ip route Vlan2 <== not necessary
ip route Vlan6
ip route Vlan3
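
Added example, not part of the original thread: a small audit that parses an IOS-style config and flags `ip route` statements whose destination is already a directly connected interface network, which is the redundancy the accepted answer points out. Every address except the 10.9.2.x network is constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample config: addresses are made up for illustration.
SAMPLE_CONFIG = """\
interface Vlan2
 ip address 10.9.2.1 255.255.255.0
interface Vlan6
 ip address 10.9.6.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 10.9.1.254
ip route 10.9.2.0 255.255.255.0 Vlan2
ip route 10.9.6.0 255.255.255.0 Vlan6
ip route 192.168.50.0 255.255.255.0 10.9.1.254
"""

IFACE_RE = re.compile(r"^interface\s+(\S+)")
ADDR_RE = re.compile(r"^\s+ip address\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)")
ROUTE_RE = re.compile(r"^ip route\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)")

def connected_networks(config):
    """Map interface name -> directly connected network."""
    nets, iface = {}, None
    for line in config.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = ADDR_RE.match(line)
        if m and iface:
            nets[iface] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
    return nets

def redundant_static_routes(config):
    """Return (route line, interface) for statics that duplicate a connected network."""
    nets = connected_networks(config)
    flagged = []
    for line in config.splitlines():
        m = ROUTE_RE.match(line)
        if not m:
            continue
        dest = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        for iface, net in nets.items():
            if dest == net:  # exact match only; more-specific routes are left alone
                flagged.append((line.strip(), iface))
    return flagged

if __name__ == "__main__":
    for route, iface in redundant_static_routes(SAMPLE_CONFIG):
        print(f"redundant: '{route}' (already connected via {iface})")
```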
