How to reach a second net through vpn......

Unanswered Question
Jan 6th, 2003
I have configured a Cisco 1721 and a WatchGuard firewall. The tunnel between the two sites works fine. But on the Cisco site I have another remote net which I want to reach over my VPN. On the Cisco site I added another access-list allowing the net on the other site of the VPN to access the remote net on the Cisco site.

access-list permit ip 192.40.200.0 0.0.0.255 192.168.77.0 0.0.0.255 (works)

access-list permit ip 192.40.211.0 0.0.0.255 192.168.77.0 0.0.0.255 (is this access-list wrong, or just not enough on the Cisco site to get it working?)


lars

jfrahim (Cisco Employee) Mon, 01/06/2003 - 12:34

Hi Lars,

All you need to do is to add another entry in your existing encryption ACL.

For example, if you had:

access-list 100 permit ip 192.40.200.0 0.0.0.255 192.168.77.0 0.0.0.255

to encrypt the traffic, then all you need to do is add:

access-list 100 permit ip 192.40.211.0 0.0.0.255 192.168.77.0 0.0.0.255

That's all on the Cisco side.

Make sure that WatchGuard supports having multiple SAs (or multiple subnets) going to a specific peer. I think there are many different vendors who only support one subnet per peer for the IPSec connections.

Hope that helps

Jazib
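
The effect of the extra ACL entry, as an added example that is not part of the original thread: a Python sketch that parses the two `access-list 100` lines quoted above, reports which entry selects a given packet for encryption, and lists the mirror-image subnet pairs the peer has to accept. The function names and the sample host addresses are assumptions made for illustration.

```python
import ipaddress

# ACL 100 before and after the change described in the reply above.
BEFORE = "access-list 100 permit ip 192.40.200.0 0.0.0.255 192.168.77.0 0.0.0.255"
AFTER = BEFORE + "\naccess-list 100 permit ip 192.40.211.0 0.0.0.255 192.168.77.0 0.0.0.255"

def wildcard_to_network(addr, wildcard):
    """Convert an IOS address/wildcard pair to a network (contiguous wildcards only)."""
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):  # wildcard bits must be one run of low-order ones
        raise ValueError(f"non-contiguous wildcard {wildcard}")
    return ipaddress.ip_network(f"{addr}/{32 - w.bit_length()}", strict=False)

def parse_crypto_acl(config):
    """Return (acl_number, src_net, dst_net) for each 'permit ip' entry."""
    entries = []
    for line in config.splitlines():
        tok = line.split()
        # access-list <n> permit ip <src> <wildcard> <dst> <wildcard>
        if len(tok) != 8 or tok[0] != "access-list" or tok[2:4] != ["permit", "ip"]:
            continue
        entries.append((int(tok[1]),
                        wildcard_to_network(tok[4], tok[5]),
                        wildcard_to_network(tok[6], tok[7])))
    return entries

def matching_selector(entries, src_ip, dst_ip):
    """Return the first (src_net, dst_net) selecting this packet for encryption, else None."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for _, src_net, dst_net in entries:
        if s in src_net and d in dst_net:
            return (str(src_net), str(dst_net))
    return None

def peer_selectors(entries):
    """Mirror-image (local, remote) pairs for the far end; one SA pair per ACL entry."""
    return [(str(dst), str(src)) for _, src, dst in entries]

if __name__ == "__main__":
    # Constructed sample hosts: one in the second Cisco-side net, one behind the peer.
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        acl = parse_crypto_acl(cfg)
        print(name, "->", matching_selector(acl, "192.40.211.10", "192.168.77.5"))
    for local, remote in peer_selectors(parse_crypto_acl(AFTER)):
        print(f"peer must accept local {local} <-> remote {remote}")
```
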
