remote users access ipsec tunnel site

How do I configure the ACL and route to allow remote users to access the IPsec site like local users?

The current scenario is:

1. Remote users (192.168.2.0/24) IPsec <-> Cisco 870 (192.168.0.0/24)

2. Cisco 870 (192.168.0.0/24) IPsec tunnel <-> Cisco 1811 (10.0.0.0/24)

Now remote users can access the 192.168.0.0 network without problems, but how can they access the 10.0.0.0 network?

I assume I can do it like this:

1. In the Cisco 870 site-to-site tunnel: permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255

(add) permit ip 192.168.2.0 0.0.0.255 10.0.0.0 0.0.0.255

2. In the Cisco 1811 site-to-site VPN:

(add) permit ip 10.0.0.0 0.0.0.255 192.168.2.0 0.0.0.255

3. In the split VPN settings on the Cisco 870, add network 10.0.0.0/24

Is that right?

Thanks.

Accepted Solutions
Re: remote users access ipsec tunnel site

You need to configure the interesting traffic in such a way that an ACL contains the source as the remote LAN and the destination as the local LAN.
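A way to sanity-check the interesting-traffic ACLs discussed in this thread before applying them, as an added example that is not part of the original posts: it parses `permit ip` entries for both routers, confirms the VPN pool to remote-site flow is matched on each side, and reports entries that have no mirror image on the peer. The ACL text is constructed from the thread's addresses, the function names are hypothetical, and the split-tunnel list from step 3 is not checked.

```python
import ipaddress

def parse_acl(text):
    """Parse 'permit ip <src> <wildcard> <dst> <wildcard>' lines into (src, dst) networks."""
    entries = set()
    for line in text.splitlines():
        tok = line.split()
        if len(tok) != 6 or tok[:2] != ["permit", "ip"]:
            continue  # skip blanks and anything that is not a simple permit ip entry
        # ipaddress accepts Cisco-style wildcard (host) masks such as 0.0.0.255
        entries.add((ipaddress.ip_network(f"{tok[2]}/{tok[3]}"),
                     ipaddress.ip_network(f"{tok[4]}/{tok[5]}")))
    return entries

def unmirrored(local, peer):
    """Entries of `local` with no swapped (dst, src) counterpart in `peer`."""
    return sorted((s, d) for (s, d) in local if (d, s) not in peer)

def uncovered(acl, src_net, dst_net):
    """True if no entry in `acl` matches traffic from src_net to dst_net."""
    src, dst = ipaddress.ip_network(src_net), ipaddress.ip_network(dst_net)
    return not any(src.subnet_of(s) and dst.subnet_of(d) for s, d in acl)

def check(acl_870, acl_1811, pool="192.168.2.0/24", site="10.0.0.0/24"):
    """Return a list of problems; an empty list means both sides agree."""
    a, b = parse_acl(acl_870), parse_acl(acl_1811)
    problems = []
    if uncovered(a, pool, site):
        problems.append("870 ACL does not match VPN pool -> remote site")
    if uncovered(b, site, pool):
        problems.append("1811 ACL does not match remote site -> VPN pool")
    problems += [f"870 entry {s} -> {d} has no mirror on 1811" for s, d in unmirrored(a, b)]
    problems += [f"1811 entry {s} -> {d} has no mirror on 870" for s, d in unmirrored(b, a)]
    return problems

# Constructed ACL text using the thread's addresses (not taken from a real device).
R870_BEFORE = "permit ip 192.168.0.0 0.0.0.255 10.0.0.0 0.0.0.255"
R1811_BEFORE = "permit ip 10.0.0.0 0.0.0.255 192.168.0.0 0.0.0.255"
R870_AFTER = R870_BEFORE + "\npermit ip 192.168.2.0 0.0.0.255 10.0.0.0 0.0.0.255"
R1811_AFTER = R1811_BEFORE + "\npermit ip 10.0.0.0 0.0.0.255 192.168.2.0 0.0.0.255"

if __name__ == "__main__":
    for label, a, b in [("before", R870_BEFORE, R1811_BEFORE),
                        ("870 only", R870_AFTER, R1811_BEFORE),
                        ("both", R870_AFTER, R1811_AFTER)]:
        print(label, check(a, b) or "OK")
```

Changing only one router leaves an unmirrored entry, which is the case the middle run reports.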
