Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Third network access over site-to-site VPN

I have a client whith two offices connected by a site to site VPN between two PIX 501's with IOS 6.3(1). Office-A has local address range 192.168.101.0/24 and Office-B has local address range 192.168.120.0/24. The client also has a telephone system, installed and maintained by a 3rd party, and this system is accessed via ISDN into Office-A by the 3rd Party support company. It behaves just like a router. The issue is that, when the telco accesses their telephone equipment in Office-A they get an IP address which is not on the local address range (it is issued by their system), eg 10.10.10.14/24 and they cannot access their equipment in Office-B over the VPN.

We have attempted to alter the PIX configs to be aware of the 10.10.10.0 addresses with static routes etc, but the VPN is confusing the issue. We need to know how to make the PIXes direct the traffic from the 3rd network (10.10.10.0) to and from the local networks at each end of the VPN.

Can anyone help with the commands required?

Many thanks

gelcome63

1 REPLY
New Member

Re: Third network access over site-to-site VPN

Office-A PIX

route inside 10.10.10.0 255.255.255.0 192.168.101.x (where x is the ip of the telephone system)

Office-A Telephone system

add static route to the 192.168.120.0 network pointing to the inside IP of Office-A PIX(however that's accomplished with the system)

Office-B PIX

add the 10.10.10.0 network to the acl used to exclude NAT and the ACL used to specify interesting traffic for the crypto map. For example, if you are using

nat (inside) 0 access-list 101

crypto map your-map-name match address 101

then add

access-list 101 permit ip 192.168.120.0 255.255.255.0 10.10.10.0 255.255.255.0

If this doesn't move you in the right direction, it might be helpful if you would post a copy of your pix configs.

Bob

97
Views
0
Helpful
1
Replies