03-09-2008 06:43 PM - edited 02-21-2020 03:36 PM
How to configure the ACL and route to allow remote users to access the IPsec site like local users?
The current scenario is:
1. Remote users (192.168.2.0/24) IPsec <-> Cisco 870 (192.168.0.0/24)
2. Cisco 870 (192.168.0.0/24) IPsec tunnel <-> Cisco 1811 (10.0.0.0/24)
Now remote users can access the 192.168.0.0 network without problems, but how can they access the 10.0.0.0 network?
I assume I can do it like this:
1. In the Cisco 870, site-to-site tunnel: permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255
(add) permit ip 192.168.2.0 0.0.0.255 10.0.0.0 0.0.0.255
2. In the Cisco 1811, site-to-site VPN:
(add) permit ip 10.0.0.0 0.0.0.255 192.168.2.0 0.0.0.255
3. In the split VPN settings in the Cisco 870, add network 10.0.0.0/24
Is that right?
Thanks.
03-17-2008 06:46 AM
You need to configure the interesting traffic in such a way that an ACL contains the source as the remote LAN and the destination as the local LAN.
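The three changes listed in the question can be checked offline before touching either router. The following Python check is an added example, not part of the original thread or any Cisco tool: it verifies that the split tunnel list, the 870 crypto ACL and the 1811 crypto ACL all cover the client pool to 10.0.0.0/24 path, and that the two crypto ACLs mirror each other. The function names, the existing 1811 entry and the split tunnel list are assumptions built from the subnets in the post.

```python
import ipaddress

def _net(addr, wildcard):
    # IOS wildcard masks are inverted netmasks; non-contiguous masks raise ValueError.
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}")

def parse_entry(line):
    # Handles only "permit ip <src> <wildcard> <dst> <wildcard>" (no any/host keywords).
    tok = line.split()
    if len(tok) != 6 or tok[:2] != ["permit", "ip"]:
        raise ValueError(f"unsupported ACL entry: {line!r}")
    return _net(tok[2], tok[3]), _net(tok[4], tok[5])

def unmirrored(acl_a, acl_b):
    """Entries of acl_a that have no swapped source/destination twin in acl_b."""
    twins = {parse_entry(l)[::-1] for l in acl_b}
    return [l for l in acl_a if parse_entry(l) not in twins]

def check_path(client_pool, target, split_tunnel, acl_870, acl_1811):
    """Return a list of problems keeping client_pool from reaching target."""
    pool, dst = ipaddress.ip_network(client_pool), ipaddress.ip_network(target)
    problems = []
    if not any(dst.subnet_of(ipaddress.ip_network(n)) for n in split_tunnel):
        problems.append("split tunnel list does not send target to the 870")
    if not any(pool.subnet_of(s) and dst.subnet_of(d) for s, d in map(parse_entry, acl_870)):
        problems.append("870 crypto ACL does not match pool -> target")
    if not any(dst.subnet_of(s) and pool.subnet_of(d) for s, d in map(parse_entry, acl_1811)):
        problems.append("1811 crypto ACL does not match target -> pool")
    problems += [f"no mirror on 1811 for: {l}" for l in unmirrored(acl_870, acl_1811)]
    problems += [f"no mirror on 870 for: {l}" for l in unmirrored(acl_1811, acl_870)]
    return problems

# Constructed sample data using the subnets from the post.
ACL_870 = ["permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255"]
ACL_1811 = ["permit ip 10.0.0.0 0.0.0.255 192.168.0.0 0.0.0.255"]  # assumed existing mirror entry
SPLIT = ["192.168.0.0/24"]  # assumed current split tunnel list
ADD_870 = "permit ip 192.168.2.0 0.0.0.255 10.0.0.0 0.0.0.255"
ADD_1811 = "permit ip 10.0.0.0 0.0.0.255 192.168.2.0 0.0.0.255"

if __name__ == "__main__":
    print(check_path("192.168.2.0/24", "10.0.0.0/24", SPLIT, ACL_870, ACL_1811))
    print(check_path("192.168.2.0/24", "10.0.0.0/24", SPLIT + ["10.0.0.0/24"],
                     ACL_870 + [ADD_870], ACL_1811 + [ADD_1811]))
```

The check models only the three conditions from the question; it does not account for NAT or other features configured on the routers.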