Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Third network access over site-to-site VPN

I have a client whith two offices connected by a site to site VPN between two PIX 501's with IOS 6.3(1). Office-A has local address range and Office-B has local address range The client also has a telephone system, installed and maintained by a 3rd party, and this system is accessed via ISDN into Office-A by the 3rd Party support company. It behaves just like a router. The issue is that, when the telco accesses their telephone equipment in Office-A they get an IP address which is not on the local address range (it is issued by their system), eg and they cannot access their equipment in Office-B over the VPN.

We have attempted to alter the PIX configs to be aware of the addresses with static routes etc, but the VPN is confusing the issue. We need to know how to make the PIXes direct the traffic from the 3rd network ( to and from the local networks at each end of the VPN.

Can anyone help with the commands required?

Many thanks


New Member

Re: Third network access over site-to-site VPN

Office-A PIX

route inside 192.168.101.x (where x is the ip of the telephone system)

Office-A Telephone system

add static route to the network pointing to the inside IP of Office-A PIX(however that's accomplished with the system)

Office-B PIX

add the network to the acl used to exclude NAT and the ACL used to specify interesting traffic for the crypto map. For example, if you are using

nat (inside) 0 access-list 101

crypto map your-map-name match address 101

then add

access-list 101 permit ip

If this doesn't move you in the right direction, it might be helpful if you would post a copy of your pix configs.