Question

  Asked: Mar 12 2008   10:41 PM GMT
  Asked by: Rowley613


Cisco pix vpn access


Cisco, PIX, VPN

I have 1 main office and 3 remote offices connected by Cisco PIXes. The main server and email server are in the main office. As long as the computers are on the network everything is fine. The main office has a VPN set up for remote users and it works fine. The other offices want this set up as well, but the problem is that the mail server is in the main office. When setting up VPNs on the remote routers, they can connect and ping on their local subnets. However, they cannot ping across the VPN to the main office. Is it possible to set it up to do this?

Basically

Working:
Remote user-VPN TO MAIN- Main subnet
remote user-vpn to remote router-remote subnet

Not working
Remote user-vpn to remote router-vpn to main - main subnet


Answer Wiki





Do you have routing set up? At each of the remote offices you need to put routes on the router to the different networks. And vice versa... you need to set up the remote office networks on the router at your main location.

If you have more specific routing questions...let me know.

Here is an example:

Main Office: 192.168.0.x/255.255.255.0
-Router Internal Address - 192.168.0.1

Routes:
route 192.168.1.0 255.255.255.0 192.168.0.100 (New York)
route 192.168.2.0 255.255.255.0 192.168.0.101 (Miami)

New York Office: 192.168.1.x/255.255.255.0
-Router Internal Address - 192.168.1.1
-Router VPN Interface - 192.168.0.100

Routes:
Default

Miami Office: 192.168.2.x/255.255.255.0
-Router Internal Address - 192.168.2.1
-Router VPN Interface - 192.168.0.101

Routes:
Default

If the VPN device is also the router, then the default route should be all that is needed. If you have separate devices, then you need to set the routes to use the VPN device as the next-hop address.
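The answer's point that routes must exist in both directions can be checked mechanically. The following is an added example, not part of the original answer: it runs a longest-prefix match over the main-office routes listed above and reports where replies would be sent. The default route to `isp` and the New York VPN client pool `10.10.1.0/24` are assumed values that do not appear in the thread.

```python
import ipaddress

# Main-office routes copied from the answer's example. The default route to
# "isp" and the New York remote-access pool 10.10.1.0/24 are assumed values.
MAIN_ROUTES = [
    ("192.168.0.0/24", "connected"),
    ("192.168.1.0/24", "192.168.0.100"),  # New York LAN via its VPN interface
    ("192.168.2.0/24", "192.168.0.101"),  # Miami LAN via its VPN interface
    ("0.0.0.0/0", "isp"),                 # assumed default route
]
NY_TUNNEL = "192.168.0.100"
NY_CLIENT_POOL = "10.10.1.0/24"           # assumed pool for New York VPN clients


def next_hop(routes, dst):
    """Longest-prefix match: return the next hop chosen for dst, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


def reply_reaches(routes, source, expected_hop):
    """True if a reply from the main office to `source` leaves via expected_hop."""
    return next_hop(routes, source) == expected_hop


def audit(routes, sources, expected_hop):
    """Map each source address to (next hop used for replies, verdict)."""
    return {s: (next_hop(routes, s), reply_reaches(routes, s, expected_hop))
            for s in sources}


if __name__ == "__main__":
    sources = ["192.168.1.50", "10.10.1.5"]  # constructed: NY LAN host, NY VPN client
    print("before:", audit(MAIN_ROUTES, sources, NY_TUNNEL))
    fixed = MAIN_ROUTES + [(NY_CLIENT_POOL, NY_TUNNEL)]
    print("after: ", audit(fixed, sources, NY_TUNNEL))
```

With the routes as listed, replies to the New York LAN host go back through the tunnel, while replies to the assumed client pool follow the default route until a route for that pool is added.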


Discuss This Answer



Rowley613  |   Mar 13 2008  4:17AM GMT

The VPNs are being handled by the router.

Here is the setup.

Chi 192.168.111.0 ex 12.xxx.xxx.xxx
cali 192.168.1.0 ex 75.xxx.xxx.xxx
was 192.168.2.0 ex 70.xxx.xxx.xxx

I have default routes set on the outside interfaces to the external address ex.

chicago to cali 192.168.1.0 255.255.255.0 75.xxx.xxx.xxx

From the routers I can ping across networks fine. If it's a computer on the domain I can access anything on any subnet. If it's a VPN client I can only access the subnet that the client is VPN'ing to. So if they VPN into the cali router, they can't see anything on the chicago subnet.