Re: Routing to remote site network

maileym01 · ‎11-13-2007

Hi, I have a question about routing, or maybe lack of it in following environment.

2 sites each with a PX 515, neither have internal routers.

SiteA network address 10.10.10.0 255.255.0.0

SiteB network address 20.20.20.0 255.255.255.0

both sites are conencted by a site to site VPN tunnel, allowing users in either site to use resources etc on the other site.

User can connect to siteA remotely using Cisco VPN software, authenticate and be assigned IP address in range 10.10.20.1 to 10.10.20.100, DNS and default gateway assigned the same as those on internal network. eg DNS=10.10.10.10 and gateway is 10.10.10.254. In both cases the default gateway is the internal IP address of the PIX.

This is fine provided the user only needs access to resources inside the network of SiteA. They cannot connect to SiteB at all, cannot ping as it returns Request timed out.

Is there anyhting that can be done to allow access to SiteB for those remote connecting with VPN client?

Is there a requirement for a router to be introduced?

Thanks in advance for any sugges

Edison Ortiz · ‎11-13-2007

> Is there a requirement for a router to be introduced?

Yes, as the PIX is not a router. It only forwards packets from one interface to another, it does not redirect traffic back to the same interface it came from.

When you client vpn into the PIX, you are entering via the public interface and that interface is the same one being used for the SiteB connection.

You need a router to make this work.

Collin Clark · ‎11-13-2007

You should be able to add the SiteB address space as part of the remote access no NAT and interesting VPN traffic (on the SiteA PIX). You will also need to add your remote access network [10.10.20.1-10.10.20.100] to SiteB PIX's routing.

HTH and please rate.