remote dmz lan routing through vpn tunnel

Unanswered Question
May 15th, 2008
Please see attached visio diagram


I have a 50 site MPLS cloud running BGP


At one of my remote sites, I have a 2821 router and PIX running OSPF


When the MPLS/BGP drops, the remote router brings up a VPN connection to the host.


The host router gets routing updates via the PIX of routes to the remote site over the VPN for the directly connected networks, the 10.200.101.x and the 10.1.27.x, but not the remote PIX's DMZ 10.200.100.x network.




#sh ip route ospf
10.0.0.0/8 is variably subnetted, 104 subnets, 3 masks
O 10.200.100.0/24 [110/11] via 10.200.101.1, 1w2d, FastEthernet0/1/0


How do I get the host router to see the DMZ network at remote site?


Remote router ACL for VPN tunnel

access-list 102 permit ip 10.1.27.0 0.0.0.255 any
access-list 102 permit ip 10.200.101.0 0.0.0.255 any
access-list 102 permit ip 10.200.100.0 0.0.0.255 any

access-list 111 deny ip 10.1.0.0 0.0.255.255 10.1.100.0 0.0.0.255
access-list 111 deny ip 10.1.0.0 0.0.255.255 10.1.101.0 0.0.0.255
access-list 111 deny ip 10.200.100.0 0.0.0.255 10.1.100.0 0.0.0.255
access-list 111 deny ip 10.200.100.0 0.0.0.255 10.1.101.0 0.0.0.255
access-list 111 deny ip 10.200.101.0 0.0.0.255 10.1.100.0 0.0.0.255
access-list 111 deny ip 10.200.101.0 0.0.0.255 10.1.101.0 0.0.0.255
access-list 111 permit ip 10.1.0.0 0.0.255.255 any
access-list 111 permit ip 10.200.100.0 0.0.0.255 any
access-list 111 permit ip 10.200.101.0 0.0.0.255 any



Thanks,

Bob
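As an added illustration (not part of the post, and not Cisco code): a small Python checker that parses the two ACLs above and evaluates flows with IOS first-match and implicit-deny semantics, so you can confirm which DMZ flows ACL 102 selects as interesting traffic for the tunnel and which ACL 111 denies. It assumes `ip`-protocol entries with contiguous wildcard masks only.

```python
import ipaddress

# Sample input: the remote router's ACLs exactly as posted above (constructed inline).
ACL_TEXT = """
access-list 102 permit ip 10.1.27.0 0.0.0.255 any
access-list 102 permit ip 10.200.101.0 0.0.0.255 any
access-list 102 permit ip 10.200.100.0 0.0.0.255 any
access-list 111 deny ip 10.1.0.0 0.0.255.255 10.1.100.0 0.0.0.255
access-list 111 deny ip 10.1.0.0 0.0.255.255 10.1.101.0 0.0.0.255
access-list 111 deny ip 10.200.100.0 0.0.0.255 10.1.100.0 0.0.0.255
access-list 111 deny ip 10.200.100.0 0.0.0.255 10.1.101.0 0.0.0.255
access-list 111 deny ip 10.200.101.0 0.0.0.255 10.1.100.0 0.0.0.255
access-list 111 deny ip 10.200.101.0 0.0.0.255 10.1.101.0 0.0.0.255
access-list 111 permit ip 10.1.0.0 0.0.255.255 any
access-list 111 permit ip 10.200.100.0 0.0.0.255 any
access-list 111 permit ip 10.200.101.0 0.0.0.255 any
"""

def wildcard_to_network(addr, wildcard):
    """Convert an IOS 'address wildcard' pair to a network (wildcard 1-bits = don't care)."""
    wild = int(ipaddress.IPv4Address(wildcard))
    if wild & (wild + 1):  # only contiguous low-order wildcards map to a prefix length
        raise ValueError(f"non-contiguous wildcard {wildcard} not supported")
    return ipaddress.ip_network(f"{addr}/{32 - wild.bit_length()}", strict=False)

def _take_address(tokens):
    """Consume 'any' or 'addr wildcard' from tokens; return (network, remaining tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    return wildcard_to_network(tokens[0], tokens[1]), tokens[2:]

def parse_acls(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into {N: [(action, src, dst)]}."""
    acls = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] != "access-list" or tok[3] != "ip":
            continue  # skip blank lines and entry types this minimal parser does not model
        src, rest = _take_address(tok[4:])
        dst, _ = _take_address(rest)
        acls.setdefault(tok[1], []).append((tok[2], src, dst))
    return acls

def evaluate(entries, src_ip, dst_ip):
    """First matching entry wins; a packet matching no entry hits the implicit deny."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src, dst in entries:
        if s in src and d in dst:
            return action
    return "deny"
```

Running `evaluate(parse_acls(ACL_TEXT)["102"], "10.200.100.5", "10.1.100.10")` returns `permit`, confirming the DMZ subnet is in the crypto ACL; note that ACL 102's `any` destination also selects traffic from those subnets to every other destination for the tunnel.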




mchin345 Wed, 05/21/2008 - 11:55

Please recheck your ACL and the running config of your device.
