remote users access ipsec tunnel site

Answered Question
Mar 9th, 2008

How do I configure the ACL and route to allow remote users to access the IPsec site like local users?

The current scenario is:

1. Remote users (192.168.2.0/24) IPsec <-> Cisco 870 (192.168.0.0/24)

2. Cisco 870 (192.168.0.0/24) IPsec tunnel <-> Cisco 1811 (10.0.0.0/24)

Now remote users can access the 192.168.0.0 network without problems, but how can they access the 10.0.0.0 network?

I assume I can do like this:

1. In Cisco 870, site-to-site tunnel: permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255

(add) permit ip 192.168.2.0 0.0.0.255 10.0.0.0 0.0.0.255

2. In Cisco 1811, site-to-site VPN:

(add) permit ip 10.0.0.0 0.0.0.255 192.168.2.0 0.0.0.255

3. In the split VPN settings in Cisco 870, add network 10.0.0.0/24

Is that right?

Thanks.

Correct Answer
jbayuka Mon, 03/17/2008 - 06:46

You need to configure the interesting traffic in such a way that the ACL contains the remote LAN as the source and the local LAN as the destination.
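One way to check the interesting-traffic entries from this thread before applying them, as an added example that is not part of the original posts: it parses the `permit ip` lines, tests whether a remote-user flow matches the crypto ACL, and reports entries that lack a source/destination-swapped counterpart on the peer. The function names, the sample host addresses and the 1811's pre-existing entry are assumptions; the split-tunnel list from step 3 is not modelled.

```python
import ipaddress

def parse_ace(line):
    """Parse 'permit ip <src> <wildcard> <dst> <wildcard>' into (src_net, dst_net)."""
    tok = line.split()
    if len(tok) != 6 or tok[:2] != ["permit", "ip"]:
        raise ValueError(f"unsupported ACE: {line!r}")

    def net(addr, wildcard):
        # A Cisco wildcard mask is the bitwise inverse of a netmask.
        mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
        return ipaddress.ip_network(f"{addr}/{mask}")  # ValueError if not contiguous

    return net(tok[2], tok[3]), net(tok[4], tok[5])

def is_protected(acl, src, dst):
    """True if a packet src -> dst matches a permit entry (is interesting traffic)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in sn and d in dn for sn, dn in map(parse_ace, acl))

def missing_mirrors(local_acl, peer_acl):
    """Local entries that have no source/destination-swapped entry on the peer."""
    peer = {parse_ace(ace) for ace in peer_acl}
    return [ace for ace in local_acl if parse_ace(ace)[::-1] not in peer]

# Entries from the question. The 1811's existing first entry is an assumption
# (mirror of the 870's); the question only shows the line to be added there.
ACL_870_BEFORE = ["permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255"]
ACL_870_AFTER = ACL_870_BEFORE + ["permit ip 192.168.2.0 0.0.0.255 10.0.0.0 0.0.0.255"]
ACL_1811_BEFORE = ["permit ip 10.0.0.0 0.0.0.255 192.168.0.0 0.0.0.255"]
ACL_1811_AFTER = ACL_1811_BEFORE + ["permit ip 10.0.0.0 0.0.0.255 192.168.2.0 0.0.0.255"]

if __name__ == "__main__":
    # Constructed sample hosts: one remote VPN user, one host behind the 1811.
    user, server = "192.168.2.10", "10.0.0.5"
    print("870 before:", is_protected(ACL_870_BEFORE, user, server))
    print("870 after: ", is_protected(ACL_870_AFTER, user, server))
    print("1811 return path:", is_protected(ACL_1811_AFTER, server, user))
    print("unmirrored on 1811:", missing_mirrors(ACL_870_AFTER, ACL_1811_BEFORE))
```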
