
remote users access ipsec tunnel site

yayasolenet
Level 1

How do I configure the ACL and route to allow remote users to access the IPsec site like local users?

The current scenario is:

1. Remote users (192.168.2.0/24) IPsec <-> Cisco 870 (192.168.0.0/24)

2. Cisco 870 (192.168.0.0/24) IPsec tunnel <-> Cisco 1811 (10.0.0.0/24)

Now remote users can access the 192.168.0.0 network without problems, but how can they access the 10.0.0.0 network?

I assume I can do it like this:

1. In the Cisco 870, site-to-site tunnel: permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255

(add) permit ip 192.168.2.0 0.0.0.255 10.0.0.0 0.0.0.255

2. In the Cisco 1811, site-to-site VPN:

(add) permit ip 10.0.0.0 0.0.0.255 192.168.2.0 0.0.0.255

3. In the split VPN settings in the Cisco 870, add network 10.0.0.0/24

Is that right?

Thanks.

1 Accepted Solution

jbayuka
Level 5

You need to configure the interesting traffic in such a way that the ACL contains the remote LAN as the source and the local LAN as the destination.
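
A check that the interesting-traffic ACL entries from the question mirror each other on the two routers, as an added example that is not part of the original thread. The function names are hypothetical, and the 1811's existing first entry is assumed to be the mirror of the 870's first entry.

```python
import ipaddress

def wildcard_to_net(addr, wildcard):
    # ipaddress accepts a Cisco-style wildcard (host mask) after the slash
    return ipaddress.ip_network(f"{addr}/{wildcard}")

def parse_permits(acl_text):
    """Return {(src_net, dst_net)} from 'permit ip <src> <wc> <dst> <wc>' lines."""
    pairs = set()
    for line in acl_text.splitlines():
        tok = line.split()
        if len(tok) != 6 or tok[:2] != ["permit", "ip"]:
            continue  # only the network/wildcard form used in the thread is handled
        pairs.add((wildcard_to_net(tok[2], tok[3]), wildcard_to_net(tok[4], tok[5])))
    return pairs

def missing_mirrors(local_acl, peer_acl):
    """Entries of local_acl whose swapped (dst, src) pair is absent from peer_acl."""
    peer = parse_permits(peer_acl)
    gaps = sorted((s, d) for s, d in parse_permits(local_acl) if (d, s) not in peer)
    return [f"{s} -> {d}" for s, d in gaps]

# Constructed sample input, using the networks given in the question.
ACL_870 = """
permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255
permit ip 192.168.2.0 0.0.0.255 10.0.0.0 0.0.0.255
"""
# Assumed state of the 1811 before the remote-user entry is added.
ACL_1811_BEFORE = """
permit ip 10.0.0.0 0.0.0.255 192.168.0.0 0.0.0.255
"""
# State of the 1811 after step 2 of the question.
ACL_1811_AFTER = ACL_1811_BEFORE + "permit ip 10.0.0.0 0.0.0.255 192.168.2.0 0.0.0.255\n"

if __name__ == "__main__":
    for label, acl in (("before", ACL_1811_BEFORE), ("after", ACL_1811_AFTER)):
        gaps = missing_mirrors(ACL_870, acl) + missing_mirrors(acl, ACL_870)
        print(f"1811 {label}: {'mirrored' if not gaps else 'no mirror for ' + ', '.join(gaps)}")
```

An entry reported as having no mirror is traffic that only one peer treats as interesting.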