Routing between VPN networks

Tags:
Cisco PIX
Network routing
VPN
VPN routers
Hi,

At work we have two private networks in different cities. The first network is 10.10.0.0/16 (A) and the other is 10.20.0.0/16 (B). They are connected by a VPN using two Cisco PIX. The VPN works as expected. Computers on network A can access those on network B and vice versa.

The PIX located at network A has other VPN connections to several clients (the same PIX is used for the VPN between networks A and B) with a similar addressing scheme, 10.x.0.0/16. The question is: how can these VPN networks be accessed directly from network B?

The same problem arises when someone wants to connect to network A from the outside using the Cisco VPN client. How can this user directly access network B (and the other client VPN networks) without first connecting (through ssh) to a server on network A?

Networks A and B consist mainly of Linux and other Unix servers with some Windows PCs.

Regards, Vlatko Postolov

Answer Wiki


Access to other Sites
Your default route is probably the reason you can’t access other sites in site B. Check that your gateway switch or router has IP routes to the networks off of Site A. A very unrestricted (kind of frowned on..) route would be “IP ROUTE 10.0.0.0 255.0.0.0 (site b pix IP)”

Outside Access to Site B
It sounds like your access lists are restricting access to the VPN by address, meaning only clients with an IP address in 10.10.0.0/16 will be able to access site B. If your client VPN assigns a DHCP address to the clients, make sure that address range is included in the access list.
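
One way to check both points of the answer offline, as an added example that is not part of the original answer: it parses PIX-style `access-list ... permit ip` lines, reports which source ranges are matched toward site B (10.20.0.0/16), and counts how many /16 networks a broad route such as 10.0.0.0 255.0.0.0 covers beyond the ones actually needed. The ACL name `vpn_to_b`, the client network 10.30.0.0/16 and the client pool 10.99.0.0/24 are constructed sample values.

```python
import ipaddress
import re

# Constructed sample ACL (PIX-style: network + netmask pairs). Assumed values.
SAMPLE_ACL = """\
access-list vpn_to_b permit ip 10.10.0.0 255.255.0.0 10.20.0.0 255.255.0.0
access-list vpn_to_b permit ip 10.30.0.0 255.255.0.0 10.20.0.0 255.255.0.0
"""
ACL_RE = re.compile(
    r"access-list\s+\S+\s+permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

def parse_acl(text):
    """Return [(src_net, dst_net)] for each 'permit ip net mask net mask' line."""
    entries = []
    for line in text.splitlines():
        m = ACL_RE.match(line.strip())
        if m:
            src, smask, dst, dmask = m.groups()
            entries.append((ipaddress.ip_network(f"{src}/{smask}"),
                            ipaddress.ip_network(f"{dst}/{dmask}")))
    return entries

def covered(entries, src, dst):
    """True if one ACL entry matches the whole src range going to dst."""
    src, dst = ipaddress.ip_network(src), ipaddress.ip_network(dst)
    return any(src.subnet_of(s) and dst.subnet_of(d) for s, d in entries)

def audit(entries, sources, dst):
    """Map each named source range to whether the ACL matches it toward dst."""
    return {name: covered(entries, net, dst) for name, net in sources.items()}

def route_excess(route, needed):
    """Count /16 blocks a static route covers beyond the needed ones.
    Assumes the route prefix is /16 or shorter."""
    route = ipaddress.ip_network(route)
    needed = {ipaddress.ip_network(n) for n in needed}
    return sum(1 for sub in route.subnets(new_prefix=16) if sub not in needed)

if __name__ == "__main__":
    sources = {"site A LAN": "10.10.0.0/16",
               "client network (assumed)": "10.30.0.0/16",
               "VPN client pool (assumed)": "10.99.0.0/24"}
    for name, ok in audit(parse_acl(SAMPLE_ACL), sources, "10.20.0.0/16").items():
        print(f"{name:28} -> site B: {'matched' if ok else 'NOT in access list'}")
    needed = ["10.10.0.0/16", "10.30.0.0/16"]
    print("extra /16s via 10.0.0.0/8:", route_excess("10.0.0.0/255.0.0.0", needed))
```

With the sample data the client pool is reported as not matched, and the 10.0.0.0/8 route covers 254 /16 networks that nobody asked to expose, which is the reason the broad route is frowned on.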


Discuss This Question: 2  Replies

  • Dmitry1
    Hi, I have a very similar setup and the same problem. This has nothing to do with default routes, as at both locations they shall always point to the external world in order to route hosts' traffic to the Internet. "IP ROUTE (remote_lan mask remote_site_Firewall_IP)" is essential for communication between site_A and site_B hosts. In our setup all of this works just fine, but you do not have access to hosts_B if you VPN to Firewall_A (ASA-5520 in our case). In the default setup, Cisco does not route VPN traffic to any remote networks. The VPN connection is limited only to the network physically connected to the firewall and also gives you Internet access (over the tunnel). I can understand why this is the case when you have a site-to-site VPN tunnel between Site_A and Site_B. Cisco could claim that if a user wants to connect to hosts at the other site, they should establish a new VPN connection to that site. Inconvenient, I could say, but doable. But in our setup we have a remote (from the site with the ASA appliance) network connected over a point-to-point dedicated corporate channel. I have played with all possible combinations of routes and access lists and could not figure it out. I would very much appreciate any ideas or advice. Best regards, Dmitry.
  • Pollox
    We have the same problem... Have you been able to solve it?
