We currently have a number of site-to-site VPN solutions set up. We have one particular remote office setup that is experiencing problems accessing one of our other subnets. We are the host VPN location using a PIX 515e version 6.1(2) and the new remote site is using a PIX 501 version 6.2(2). They can access everything on my subnet 192.168.X.X, but when pinging our main location 172.16.X.X they receive "request time out". There are 2 Cisco 2600 routers that connect our location to the main location via frame and we have added everything I know to allow our new site to access our location and the main location on "our" PIX and router. I have contacted our WAN Analyst at the main office and instructed him that he needed to add the new remote site subnet to their router, but he says it won't work. My thought... NO WAY. That's why it's a router and the PIX shouldn't matter as long as you have the access list to allow. Need suggestions or confirmation I'm on the right path.
So the 192.168.x.x and the 172.16.x.x are both behind your 515e. If so, you need to define both subnets in your crypto access-list on the 515e (as the source networks) and on the remote 501 (as the remote networks).
Also make sure the router that connects to the 172.16.x.x network has a route to the network behind the remote 501, that eventually points to the inside interface of the 515e. So, your WAN analyst doesn't need to add the remote site subnet to his/her router, but they do need to add a route to that network on their router. If you don't have this you're never going to be able to connect.
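The configuration the reply above describes, as an added example that is not part of the original thread. All addresses, ACL names and crypto map names and sequence numbers are constructed placeholders: 192.168.1.0/24 for the local LAN, 172.16.0.0/16 for the main location, 10.50.1.0/24 for the LAN behind the 501, 192.168.1.1 for the 515e inside interface and 172.31.0.2 for the local 2600's frame-relay address.

```cisco
!--- PIX 515e (hub): crypto ACL lists BOTH networks behind it as sources
!--- and the remote 501 LAN as destination.
access-list vpn_to_501 permit ip 192.168.1.0 255.255.255.0 10.50.1.0 255.255.255.0
access-list vpn_to_501 permit ip 172.16.0.0 255.255.0.0 10.50.1.0 255.255.255.0
crypto map hubmap 20 match address vpn_to_501

!--- PIX 501 (remote): exact mirror image of the hub ACL.
!--- If the 172.16.0.0 line is missing on either side, that traffic is
!--- never selected for the tunnel and pings time out.
access-list vpn_to_hub permit ip 10.50.1.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list vpn_to_hub permit ip 10.50.1.0 255.255.255.0 172.16.0.0 255.255.0.0
crypto map remotemap 10 match address vpn_to_hub

!--- Main-location 2600 (IOS): return route for the 501 LAN, sent back
!--- across the frame link toward the site that hosts the 515e.
ip route 10.50.1.0 255.255.255.0 172.31.0.2

!--- Local 2600 (IOS): hand that traffic to the 515e inside interface.
ip route 10.50.1.0 255.255.255.0 192.168.1.1
```

Running `show crypto ipsec sa` on either PIX lists one security association pair per crypto ACL line, so a missing 172.16.0.0 entry or packet counters that increase in only one direction show which end or which return route is incomplete.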