dougp23
asked on
Add a static route to VPN?
Our network uses VPNs and VLANs.
I have one device in VLAN 10 (192.168.10.x range), but when you log in over the VPN, we put you in VLAN 12 (192.168.12.x range).
I want to make it so when I come in on the VPN, I can hit that one device in VLAN 10. I think I need to add a static route, just not sure where... on the PIX?
ASKER
I have those routes, but I think this is the relevant VPN stuff:
access-list 101 permit ip 192.168.12.0 255.255.255.0 192.168.2.0 255.255.255.0
When you VPN in, we give you a 192.168.2.x address. So we are saying, once you have that 2 addy, you can go anywhere in 12 land.
What I want to say is "You can go anywhere in 10 land, PLUS you can also go to 192.168.12.39".
How would I do that?
Thanks.
For your VLAN 10:
pix(config)#route inside 192.168.10.0 [subnet mask of this network] [inside interface of pix ip address]
pix(config)#route inside 192.168.12.0 [subnet mask of this network] [inside interface of pix ip address]
Also, your router or layer 3 switch on your inside LAN should have either static routes with the above networks pointing to the inside interface of the PIX or a dynamic routing protocol such as EIGRP, RIP, or OSPF to find all your VLANs, so traffic can go to all the default gateways of your VLANs.
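As an added example (not part of the original thread or any poster's configuration): a small Python check of which inside-to-VPN-pool flows a PIX-style access list covers, run against the asker's access-list 101 line and against a constructed variant matching the goal the asker states. The VLAN 10 subnet entry, the `host` entry, the sample addresses and the function names are assumptions; the page does not show what access-list 101 is bound to.

```python
import ipaddress

def parse_acl_line(line):
    """Parse 'access-list ID permit|deny ip SRC DST' in PIX syntax.
    SRC/DST are 'any', 'host A.B.C.D' or 'NETWORK NETMASK' (netmask, not wildcard)."""
    tok = line.split()
    if (len(tok) < 6 or tok[0] != "access-list"
            or tok[2] not in ("permit", "deny") or tok[3] != "ip"):
        raise ValueError(f"unsupported ACL line: {line!r}")
    rest, nets = tok[4:], []
    while rest:
        if rest[0] == "any":
            nets.append(ipaddress.ip_network("0.0.0.0/0"))
            rest = rest[1:]
        elif rest[0] == "host" and len(rest) >= 2:
            nets.append(ipaddress.ip_network(rest[1] + "/32"))
            rest = rest[2:]
        elif len(rest) >= 2:
            # strict parsing rejects a network with host bits set (a common typo)
            nets.append(ipaddress.ip_network(f"{rest[0]}/{rest[1]}"))
            rest = rest[2:]
        else:
            raise ValueError(f"dangling address token in: {line!r}")
    if len(nets) != 2:
        raise ValueError(f"expected source and destination in: {line!r}")
    return tok[2], nets[0], nets[1]

def evaluate(acl_lines, src, dst):
    """First matching entry wins; traffic matching no entry is implicitly denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl_lines:
        action, src_net, dst_net = parse_acl_line(line)
        if s in src_net and d in dst_net:
            return action
    return "deny"

# The line quoted on the page: all of 192.168.12.0/24 toward the VPN pool.
CURRENT = ["access-list 101 permit ip 192.168.12.0 255.255.255.0 192.168.2.0 255.255.255.0"]

# Constructed variant for the asker's stated goal: all of VLAN 10 plus the
# single host 192.168.12.39, instead of the whole 192.168.12.0/24 subnet.
PROPOSED = [
    "access-list 101 permit ip 192.168.10.0 255.255.255.0 192.168.2.0 255.255.255.0",
    "access-list 101 permit ip host 192.168.12.39 192.168.2.0 255.255.255.0",
]

if __name__ == "__main__":
    vpn_client = "192.168.2.50"  # constructed address from the VPN pool
    for inside in ("192.168.10.5", "192.168.12.39", "192.168.12.40"):
        print(inside, evaluate(CURRENT, inside, vpn_client), evaluate(PROPOSED, inside, vpn_client))
```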