site to site vpn

mmitgroup
Level 1

Hi all,

I have a site-to-site VPN set up between country A and country B. We are using Cisco PIX 515E on both sites. In country A our Cisco PIX 515E is connected to 3 networks: office (192.168.x.x), DMZ (172.16.x.x) and external. With the site-to-site VPN established, country B's office network is able to access country A's DMZ (172.16.x.x). We did not allow office (192.168.x.x) to be accessible via the site-to-site VPN due to security. However, country B needs to access a server in country A's office network. I did a NAT for 192.168.1.100 to 172.16.2.100. All my DMZ servers can access my office server via 172.16.2.100, hence the NAT is working fine. But country B's office network (192.168.5.x) could not access 172.16.2.100. My office server 192.168.1.100's gateway is pointing to my Cisco 515E. Why can't country B access my office server 192.168.1.100? Please advise. Thanks in advance.


slmansfield
Level 4

Hi,

I'm wondering whether to use the same NAT between the DMZ and Office networks on your Country A PIX as you are using for your External to Office networks.

Do you have an ACL rule on your External interface of Country A's PIX allowing Country B's source addresses to Country A's NAT'd server address?

Here is a URL explaining how to set up NAT on the PIX in different scenarios. It specifically talks about accessing one attached network from another through the same PIX. HTH.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aad.shtml
