I'm sure that this has been asked, but I cannot find it. I have my users connecting to my office (Site A in the diagram) using the Cisco VPN client. I also have my office connected to another (site B) via an IPSec tunnel. All of this works fine.
What I want to do is to get the VPN clients to go through my site to site B, through the tunnel.
Traffic through the tunnel is being PATed to the 69.x.x.x address on the outside of my PIX. I am attaching a diagram.
Thanks in advance for any help,
access-list SITEBTCRYPTO extended permit ip 192.168.21.0 255.255.255.0 32.yy.yy.yy 255.255.255.255
same-security-traffic permit intra-interface
Remote site would also need to add the interesting traffic and nat exemption to 192.168.21.0. I suppose since you have no control over the far end that you need to somehow make 192.168.21.0 appear as 66.x.x.x. This would eliminate you needing to change anything on the far end.
Maybe like this...
nat (outside) 1 192.168.21.0 255.255.255.0 outside