
Multiple internal networks

corey.borton
Level 1

I'm using site-to-site VPN on PIX 501s using pre-shared keys. I just followed the instructions contained at http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/config/sit2site.htm

What do I need to add to these configs if I have multiple internal networks on each PIX? I.e., the above doc has an internal network of 192.168.12.0 on PIX firewall 1 and 10.0.0.0 on PIX firewall 2. If there are additional internal networks on PIX firewall 1, i.e. 192.168.13.0, and an additional internal network on PIX firewall 2 of 10.0.1.0, what additional commands have to be added to the config?

2 Replies

awaheed
Cisco Employee

Hi Corey,

In this case, you just need to add to the existing access-lists attached to the crypto map. So let's say your access-list has the following right now:

access-list 90 permit ip 192.168.12.0 255.255.255.0 10.0.0.0 255.255.255.0

So what you add is the following to this access-list for your situation:

access-list 90 permit ip 192.168.13.0 255.255.255.0 10.0.0.0 255.255.255.0

access-list 90 permit ip 192.168.12.0 255.255.255.0 10.0.1.0 255.255.255.0

access-list 90 permit ip 192.168.13.0 255.255.255.0 10.0.1.0 255.255.255.0

Kindly let me know if this explains it fine,

Regards,

Aamir

-=-=-

Would these access-lists be added to both PIXes? If so, would they be in the same format?
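
Added example, not part of the original thread and not Cisco's code: a small Python audit that checks a crypto access-list covers every local/remote network pair, and that the peer's list holds the mirror image (source and destination swapped) of each entry, which IPsec peers need for their proxy identities to match. The PIX 2 fragment, the helper names, and the use of ACL id 90 on both units are constructed assumptions.

```python
import itertools
import re

# PIX form used in the thread: access-list <id> permit ip <src> <mask> <dst> <mask>
ACL_RE = re.compile(r"^access-list\s+(\S+)\s+permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def parse_acl(config, acl_id):
    """Return the set of (src, src_mask, dst, dst_mask) entries of one ACL."""
    found = (ACL_RE.match(line.strip()) for line in config.splitlines())
    return {m.groups()[1:] for m in found if m and m.group(1) == acl_id}

def expected_acl(local_nets, remote_nets):
    """Pair every local network with every remote network."""
    return {l + r for l, r in itertools.product(local_nets, remote_nets)}

def mirror(entries):
    """Swap source and destination: the form the peer's ACL must contain."""
    return {(d, dm, s, sm) for s, sm, d, dm in entries}

def audit(local_cfg, peer_cfg, acl_id, local_nets, remote_nets):
    """Return (pairs missing from the local ACL, mirrors missing on the peer)."""
    local = parse_acl(local_cfg, acl_id)
    peer = parse_acl(peer_cfg, acl_id)
    return expected_acl(local_nets, remote_nets) - local, mirror(local) - peer

def render(acl_id, entries):
    return ["access-list %s permit ip %s %s %s %s" % ((acl_id,) + e)
            for e in sorted(entries)]

MASK = "255.255.255.0"
PIX1_NETS = [("192.168.12.0", MASK), ("192.168.13.0", MASK)]
PIX2_NETS = [("10.0.0.0", MASK), ("10.0.1.0", MASK)]
# PIX 1 ACL as given in the reply above.
PIX1_CFG = """
access-list 90 permit ip 192.168.12.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list 90 permit ip 192.168.13.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list 90 permit ip 192.168.12.0 255.255.255.0 10.0.1.0 255.255.255.0
access-list 90 permit ip 192.168.13.0 255.255.255.0 10.0.1.0 255.255.255.0
"""
# Constructed PIX 2 fragment (assumption): only 10.0.0.0 has been mirrored so far.
PIX2_CFG = """
access-list 90 permit ip 10.0.0.0 255.255.255.0 192.168.12.0 255.255.255.0
access-list 90 permit ip 10.0.0.0 255.255.255.0 192.168.13.0 255.255.255.0
"""

if __name__ == "__main__":
    missing_local, missing_peer = audit(PIX1_CFG, PIX2_CFG, "90", PIX1_NETS, PIX2_NETS)
    print("PIX 1 lacks:", render("90", missing_local))
    print("PIX 2 lacks:", render("90", missing_peer))
```

Against the sample data the audit reports nothing missing on PIX 1 and two entries still needed on PIX 2, both sourced from 10.0.1.0.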