remote users access ipsec tunnel site

Answered Question
Mar 9th, 2008

How to configure the ACL and route to allow remote users access to ipsec site like local users?


Current scenario is

1. remote users (192.168.2.0/24) ipsec <-> Cisco 870 (192.168.0.0/24)

2. Cisco 870 (192.168.0.0/24) ipsec tunnel <-> Cisco 1811 (10.0.0.0/24)


Now remote users can access the 192.168.0.0 network without problems, but how can they access the 10.0.0.0 network?


I assume I can do like this:


1. In the Cisco 870, site-to-site tunnel: permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255

(add) permit ip 192.168.2.0 0.0.0.255 10.0.0.0 0.0.0.255


2. In the Cisco 1811, site-to-site VPN:

(add) permit ip 10.0.0.0 0.0.0.255 192.168.2.0 0.0.0.255


3. In the split VPN settings in the Cisco 870, add network 10.0.0.0/24


Is that right?


Thanks.

Correct Answer by jbayuka about 9 years 2 months ago

You need to configure the interesting traffic in such a way that the ACL contains the source as the remote LAN and the destination as the local LAN.

Overall Rating: 5 (1 ratings)
jbayuka Mon, 03/17/2008 - 06:46
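Added example, not part of the original thread: a Python check that the crypto ACLs on the two routers are mirror images of each other and that the split-tunnel list covers every destination the client pool is permitted to reach. The ACL contents are constructed from the addresses in the question, and the function and variable names are hypothetical.

```python
import ipaddress

def parse_ace(line):
    """Parse 'permit ip <src> <wildcard> <dst> <wildcard>' into (src, dst) networks."""
    parts = line.split()
    if len(parts) != 6 or parts[:2] != ["permit", "ip"]:
        raise ValueError(f"unsupported ACE: {line!r}")
    # IOS ACLs use wildcard (inverse) masks; ip_network accepts that host-mask form.
    return (ipaddress.ip_network(f"{parts[2]}/{parts[3]}"),
            ipaddress.ip_network(f"{parts[4]}/{parts[5]}"))

def mirror_gaps(local_acl, peer_acl):
    """ACEs in local_acl whose swapped (dst, src) pair is missing from peer_acl."""
    peer = {parse_ace(line) for line in peer_acl}
    return [line for line in local_acl if parse_ace(line)[::-1] not in peer]

def split_tunnel_gaps(crypto_acl, client_pool, split_nets):
    """Destinations the client pool may reach over the site-to-site tunnel
    that the split-tunnel list does not route into the client VPN."""
    pool = ipaddress.ip_network(client_pool)
    pushed = [ipaddress.ip_network(n) for n in split_nets]
    return [str(dst) for src, dst in map(parse_ace, crypto_acl)
            if src.overlaps(pool) and not any(dst.subnet_of(p) for p in pushed)]

# Constructed from the addresses in the question (not real device output).
ACL_870 = [
    "permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255",
    "permit ip 192.168.2.0 0.0.0.255 10.0.0.0 0.0.0.255",   # step 1 (add)
]
ACL_1811_BEFORE = ["permit ip 10.0.0.0 0.0.0.255 192.168.0.0 0.0.0.255"]
ACL_1811_AFTER = ACL_1811_BEFORE + [
    "permit ip 10.0.0.0 0.0.0.255 192.168.2.0 0.0.0.255",   # step 2 (add)
]

if __name__ == "__main__":
    print("1811 missing mirror for:", mirror_gaps(ACL_870, ACL_1811_BEFORE))
    print("after step 2:", mirror_gaps(ACL_870, ACL_1811_AFTER))
    print("split-tunnel gaps before step 3:",
          split_tunnel_gaps(ACL_870, "192.168.2.0/24", ["192.168.0.0/24"]))
```

An empty result from both functions means the interesting-traffic definitions agree on both peers and the clients will send 10.0.0.0/24 into the tunnel.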