I need some help setting up my VPN Concentrator so that our remote sites can access devices at our new data center.
Here's how things are set up.
Data Center: 10.110.1.0
Corporate: 192.168.0.0 & 192.168.1.0
Currently devices in 192.168.0.0 & 192.168.1.0 network can access devices in 10.110.1.0 network and 10.110.1.0 devices can access 192.168.0.0 and 192.168.1.0 networks.
On our concentrator (192.168.0.252) I have added a static route of 10.0.0.0 255.0.0.0 to 192.168.0.254 (our switch). In the switch is a static route that says all 10.0.0.0 traffic goes out through our MPLS router (192.168.1.1).
On the concentrator I am able to ping my devices at the data center.
But I cannot ping any devices at the remote sites from the data center. And I can't ping any devices at the data center from the remote sites.
The remote sites are using a Cisco Pix 506e to establish their VPN tunnel back to corporate.
I have tried adding the 10.0.0.0 network to the network list that I use on the concentrator as well as adding 10.0.0.0 to my PIX access-list:
access-list nonat permit ip 192.168.41.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list nonat permit ip 192.168.41.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list nonat permit ip 192.168.41.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list us_HQ permit ip 192.168.41.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list us_HQ permit ip 192.168.41.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list us_HQ permit ip 192.168.41.0 255.255.255.0 192.168.1.0 255.255.255.0
But once I do that, the VPN tunnels for my remote sites keep going up and down with the error message:
"Tunnel rejected: Policy not found for Src:192.168.41.0, Dst: 10.0.0.0"
Can someone help me out?
Thanks in advance.