03-09-2008 06:43 PM - edited 02-21-2020 03:36 PM
How to configure the ACL and route to allow remote users access to ipsec site like local users?
Current scenario is
1. Remote users (192.168.2.0/24) IPsec <-> Cisco 870 (192.168.0.0/24)
2. Cisco 870 (192.168.0.0/24) IPsec tunnel <-> Cisco 1811 (10.0.0.0/24)
Now remote users can access the 192.168.0.0 network without problems, but how can they access the 10.0.0.0 network?
I assume I can do like this:
1. In the Cisco 870, site-to-site tunnel: permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255
(add) permit ip 192.168.2.0 0.0.0.255 10.0.0.0 0.0.0.255
2. In the Cisco 1811, site-to-site VPN:
(add) permit ip 10.0.0.0 0.0.0.255 192.168.2.0 0.0.0.255
3. In the split VPN settings in the Cisco 870, add network 10.0.0.0/24
Is that right?
Thanks.
03-17-2008 06:46 AM
You need to configure the interesting traffic in such a way that an ACL contains the source as the remote LAN and the destination as the local LAN.
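A check for the ACL changes discussed in this thread, added here as an example and not taken from either poster: it assumes the crypto ACLs on the two IPsec peers should mirror each other (source and destination swapped) and reports entries that have no counterpart. The ACL text is constructed from the thread's subnets, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed crypto ACL entries built from the subnets in the thread
# (the poster's proposed end state, not a captured router config).
ACL_870 = """
permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255
permit ip 192.168.2.0 0.0.0.255 10.0.0.0 0.0.0.255
"""
ACL_1811 = """
permit ip 10.0.0.0 0.0.0.255 192.168.0.0 0.0.0.255
permit ip 10.0.0.0 0.0.0.255 192.168.2.0 0.0.0.255
"""

ENTRY = re.compile(r"^\s*permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")


def _net(addr, wildcard):
    """Convert an IOS address/wildcard pair into an ip_network."""
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):  # host bits must be one contiguous run of low-order 1s
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    return ipaddress.ip_network((addr, 32 - w.bit_length()), strict=False)


def parse_acl(text):
    """Return the set of (source, destination) networks the ACL permits."""
    pairs = set()
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            src, src_wc, dst, dst_wc = m.groups()
            pairs.add((_net(src, src_wc), _net(dst, dst_wc)))
    return pairs


def unmirrored(local_acl, peer_acl):
    """Return (entries only on local, entries the peer expects but local lacks),
    both expressed in the local router's source/destination orientation."""
    local = parse_acl(local_acl)
    expected = {(dst, src) for src, dst in parse_acl(peer_acl)}
    return sorted(local - expected), sorted(expected - local)


if __name__ == "__main__":
    only_870, missing_on_870 = unmirrored(ACL_870, ACL_1811)
    print("870 entries with no mirror on the 1811:", only_870)
    print("1811 entries with no mirror on the 870:", missing_on_870)
```

Dropping the second line from `ACL_1811` reproduces the half-applied change: the 870's 192.168.2.0/24 entry is then reported as having no mirror on the 1811.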