PIX & Secondary IP address to inside interfaces

azharmd · ‎11-15-2003

Hi,

I caught up in problem , i terminated VPN on PIX between 3 sites , one of the sites is having 4 different internal network of which 3 behind routers , users from different VPN sites need to access this networks .... how shall i add the routes

vpn betweeen 10.0.0.11, 10.50.0.11,10.60.0.11 is working fine , but 10.0.0.11 is having another 3 networks after an router

router ip 10.0.0.109 ,

different networks behind routers are 10.10.0.0

10.110.0.0

10.100.0.0

how many routes i need to add , in which pix .... need help ############# TOP URGENT##############

thanks in advance

pavlosd · ‎11-15-2003

If on the VPN router you have a default route, then you do not need to add any routes on that. Just make sure that the access-list used in crypto maps, cover all the source and destination addresses.

In the PIX that has the firewall on its back you will need to add the routes that are behind the network. A "ping" test is the best way to see if everything works fine. Again incluse a mirrored access-list with source the 4 networks and destination the central VPN office.

azharmd · ‎11-15-2003

i have

nat (inside) 1 0 0 for internet traffic

nat (inside) 0 access-list 101 for VPN traffic

this will help me or not ..

static (inside,outside) 10.10.0.0 10.10.0.0

access-list 101 permit ip 10.10.0.0/16 10.50.0.0/16

here 10.10.0.0 is network behind router of site A

where as 10.50.0.0 is remote site from where users want to access the 10.10.0.0 network .. am planning to deploy this and will let you know if this works & please get back to me if you have any alternative ...

thanks

azharmd · ‎11-16-2003

above is not working .................need urgent help thanks