Cisco Support Community

New Member

Tunnel Everything Through IPSec

Hi. If this has been asked before, I apologize and please direct me to the post -- I could not find it.

My question is a little unique. I have a community network where different companies can join to share resources. I am working with one company who has two locations connected on this network. I am trying to set it up such that PIX-A is on the remote end, PIX-C is another company’s PIX, PIX-B is at the main site to terminate the traffic from PIX-A and PIX-C, and PIX-D provides Internet access to local users and users being served from PIX-A.

I know it’s confusing – here’s a basic map below:

Remote Network --> PIX-A --> Community Network --> PIX-B --> Local Company Network --> PIX-D --> Internet

AND

Remote Network --> PIX-A --> Community Network --> PIX-C --> Other Company’s Network

AND

Local Company Network --> PIX-B --> Community Network --> PIX-C --> Other Company’s Network

I have gotten this to work, but it only lasts for a short while and then starts failing again. I’m not sure why it fails, but it just starts.

I’ve tried doing this with basic access-lists; the access-list for PIX-A is below:

!Access List used for access to the Internet and local Corporate LAN:

!

access-list corp deny ip 192.168.103.0 255.255.255.0 10.2.0.0 255.255.0.0

access-list corp deny ip 192.168.103.0 255.255.255.0 10.52.0.0 255.255.0.0

access-list corp permit ip 192.168.103.0 255.255.255.0 any

!

!Access List used to access remote network:

!

access-list remote1 permit ip 192.168.103.0 255.255.255.0 10.2.0.0 255.255.0.0

access-list remote1 permit ip 192.168.103.0 255.255.255.0 10.52.0.0 255.255.0.0

!

!Access List for NAT 0 Statement:

!

access-list no-nat permit ip 192.168.103.0 255.255.255.0 any

Again, it works for a while, and then stops. I’ve never tried this before – I must be missing something, so any help is appreciated. Thanks!

Mike
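
Added example, not part of the original post: a small Python parser that reads the three access-lists posted above and applies first-match evaluation, to show which list selects a given flow from the remote network. It assumes `corp` and `remote1` are the access-lists that select traffic for the tunnels toward PIX-B and PIX-C, as the post's comments suggest; the function names and test addresses are constructed for illustration.

```python
import ipaddress

# The three access-lists exactly as posted for PIX-A.
PIX_A_ACLS = """
access-list corp deny ip 192.168.103.0 255.255.255.0 10.2.0.0 255.255.0.0
access-list corp deny ip 192.168.103.0 255.255.255.0 10.52.0.0 255.255.0.0
access-list corp permit ip 192.168.103.0 255.255.255.0 any
access-list remote1 permit ip 192.168.103.0 255.255.255.0 10.2.0.0 255.255.0.0
access-list remote1 permit ip 192.168.103.0 255.255.255.0 10.52.0.0 255.255.0.0
access-list no-nat permit ip 192.168.103.0 255.255.255.0 any
"""

def _take_net(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D MASK' from the token list."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def parse_acls(text):
    """Return {name: [(action, src_net, dst_net), ...]} in configured order."""
    acls = {}
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list" or tokens[3] != "ip":
            continue  # skip blanks, '!' comments and non-IP entries
        name, action, rest = tokens[1], tokens[2], tokens[4:]
        src = _take_net(rest)
        dst = _take_net(rest)
        acls.setdefault(name, []).append((action, src, dst))
    return acls

def first_match(entries, src, dst):
    """First-match ACL evaluation; no matching line is an implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in entries:
        if s in src_net and d in dst_net:
            return action
    return "deny"

def classify(acls, src, dst):
    """Map each access-list name to its verdict for one src/dst pair."""
    return {name: first_match(entries, src, dst) for name, entries in acls.items()}
```

For any one flow from 192.168.103.0/24, at most one of `corp` and `remote1` returns `permit`, while `no-nat` permits every destination.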

2 REPLIES
Bronze

Re: Tunnel Everything Through IPSec

In IPsec transport mode everything will be encrypted.

In this type of encryption, the NAT is after IPsec.

For more information refer to the following url:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009486e.shtml

New Member

Re: Tunnel Everything Through IPSec

I have a request to tunnel everything from site B to site A. We want site B's default route to be site A even if traffic is destined for the Internet. This configuration is needed to force traffic through URL filter at site A.
