Got a good one for you guys. This is a routing issue to network without routers.
I have a remote site that connects through a PIX 501 to a Cisco 3015 concentrator. (The public interface of the concentrator is on the DMZ of a SonicWall Pro VX.) This works fine. The network behind the PIX is 10.25.99.0/24. The local LAN behind the local interface of the VPN concentrator is 10.25.100.0/24. I can ping and connect to any resources on the 10.25.100 network.
The private 10.0.0.0 network is very, very, very extensive from that point on, and the users on the 10.25.99.0 network need access to resources that are at least 5 router hops away. We are running EIGRP on all the routers. The next-hop router after 10.25.100.1 is over a point-to-point T-1; the router on that end then has a connection to the frame relay cloud, where it goes to remote sites, at one of which there's a mainframe that the users behind the 10.25.99.0 network need.
I need to make every other router aware of the 10.25.99.0 network so that connecting to remote resources will work. In other words, pinging will send the packet all the way to the resource, but the resource does not know how to return it.
Here's what I've done, which sounds like it would work in theory, but I have not tested it yet. In the concentrator I've added the network to the IP routing/static routes section. All inbound traffic from the VPN to 10.0.0.0 is pointed to the 10.25.100.1 router. This works fine for VPN client connections because clients get assigned a 10.25.100.xxx address from a pool. Since the concentrator runs RIP, I did a router rip on the Cisco router and network 10.0.0.0. I am hoping that by doing this the rest of the network will become "aware" of how to get packets back to the concentrator for the 10.25.99.0 network.
The other option I am looking at is adding a static route to 10.25.99.0 pointed to the LAN interface of the concentrator. I'm not sure if this route will populate the routing tables, as I am still a novice at EIGRP routing.
By giving the EIGRP router a static route pointing to the .99.0 network you will populate the routing table of that router, the same as you do by enabling RIP on the concentrator and the PIX.
You must ensure that all other EIGRP routers receive the routing information; if not, work with static routes.
I think that you should have placed the inside interface of the concentrator in the DMZ and the outside interface on the internet, because doing so your firewall will be able to inspect decrypted packets.
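
An added example, not part of the thread: one way to do what the reply describes on the 10.25.100.1 router, with a static route for the remote VPN subnet redistributed into EIGRP and filtered so that only that prefix is advertised. `CONCENTRATOR_PRIVATE_IP` and `EIGRP_AS` are placeholders for values the thread does not give, and the prefix-list and route-map names are made up for illustration.

```cisco
! Placeholders (assumptions, not from the thread):
!   CONCENTRATOR_PRIVATE_IP = concentrator's address on 10.25.100.0/24
!   EIGRP_AS                = autonomous system number already in use
!
! Return path for the PIX 501 site goes via the concentrator's LAN side
ip route 10.25.99.0 255.255.255.0 CONCENTRATOR_PRIVATE_IP
!
! Match only the remote VPN subnet, so no other static route on this
! router leaks into EIGRP by accident
ip prefix-list VPN-REMOTE seq 5 permit 10.25.99.0/24
!
route-map STATIC-TO-EIGRP permit 10
 match ip address prefix-list VPN-REMOTE
!
router eigrp EIGRP_AS
 redistribute static route-map STATIC-TO-EIGRP
!
! Check from a router several hops away (for example the one in front
! of the mainframe):
!   show ip route 10.25.99.0
! The prefix should appear as an external EIGRP route (code "D EX").
```

If the route does not show up on a distant router, check for distribute lists or summarization on the routers in between before falling back to per-router static routes.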