VPN Labs is an open community for researching, testing, reviewing, and discussing Virtual Private Networks.
srini | Member since: 2008-10-15 23:02:23 | posted: 2008-10-15 23:14:26

site to site vpn tunnel with multiple subnets at one end
----------
Hello everyone,

I have a site-to-site VPN tunnel established from SiteA to SiteB (SiteA with local net as 192.168.0.0/255.255.252.0 and SiteB with local net as 172.1.0.0/255.255.0.0) successfully. Now we recently added a new subnet 172.10.0.0/16 at SiteB. For this I have added the ACL to pass 172.10.0.0/16 traffic through the VPN tunnel and found that only one network is active in the VPN tunnel at a time. Unable to access both networks (172.1 and 172.10) at the same time.

I have a PIX 525 at SiteA and a GTA Firewall at SiteB.

Below is the configuration I have. Can anybody please suggest how to resolve this problem?

-----------------------
PIX Version 6.3(4)

access-list 103 permit ip 192.168.0.0 255.255.252.0 172.1.0.0 255.255.0.0
access-list 103 permit ip 192.168.0.0 255.255.0.0 172.10.0.0 255.255.0.0
access-list pix-gta0 permit ip 192.168.0.0 255.255.252.0 172.1.0.0 255.255.0.0
access-list pix-gta1 permit ip 192.168.0.0 255.255.252.0 172.10.0.0 255.255.0.0

nat (inside) 0 access-list 103
nat (inside) 1 0.0.0.0 0.0.0.0 0 0

sysopt connection permit-ipsec

crypto ipsec transform-set pix-gtaset0 esp-des esp-md5-hmac
crypto ipsec transform-set pix-gtaset1 esp-des esp-md5-hmac

crypto map outside_map_1 10 ipsec-isakmp
crypto map outside_map_1 10 match address pix-gat0
crypto map outside_map_1 10 set peer "GTA firewall IP x.x.x.x"
crypto map outside_map_1 10 set transform-set pix-gtaset0

crypto map outside_map_1 30 ipsec-isakmp
crypto map outside_map_1 30 match address pix-gat1
crypto map outside_map_1 30 set peer "GTA firewall IP x.x.x.x"
crypto map outside_map_1 30 set transform-set pix-gtaset1

crypto map outside_map_1 interface outside

isakmp enable outside
isakmp key ******** address "GTA firewall IP x.x.x.x" netmask 255.255.255.255 no-xauth no-config-mode
isakmp identity address
isakmp keepalive 15 5
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
-----------------------

For any further info, please let me know. Your help is greatly appreciated.

Thanks
Srini
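A static cross-reference check over the configuration as posted, added here as an example and not part of the original post or of any vendor tool: it reports ACL and transform-set names that are referenced but never defined (or defined but never referenced), plus DES/MD5 algorithm choices. The function name `lint`, the finding labels and the `WEAK` list are assumptions of this example.

```python
# Excerpt of the configuration as posted above, one command per line.
CONFIG = """\
access-list 103 permit ip 192.168.0.0 255.255.252.0 172.1.0.0 255.255.0.0
access-list 103 permit ip 192.168.0.0 255.255.0.0 172.10.0.0 255.255.0.0
access-list pix-gta0 permit ip 192.168.0.0 255.255.252.0 172.1.0.0 255.255.0.0
access-list pix-gta1 permit ip 192.168.0.0 255.255.252.0 172.10.0.0 255.255.0.0
nat (inside) 0 access-list 103
crypto ipsec transform-set pix-gtaset0 esp-des esp-md5-hmac
crypto ipsec transform-set pix-gtaset1 esp-des esp-md5-hmac
crypto map outside_map_1 10 match address pix-gat0
crypto map outside_map_1 10 set transform-set pix-gtaset0
crypto map outside_map_1 30 match address pix-gat1
crypto map outside_map_1 30 set transform-set pix-gtaset1
isakmp policy 10 encryption des
isakmp policy 10 hash md5
"""

# Algorithms this example treats as weak (assumption: DES and MD5-based options).
WEAK = {"esp-des", "esp-md5-hmac", "des", "md5"}

def lint(config):
    """Return sorted (kind, name) findings for a PIX-style configuration."""
    acls, acl_refs, tsets, tset_refs, weak = set(), set(), set(), set(), set()
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["access-list"]:
            acls.add(t[1])                      # ACL definition
        elif t[:1] == ["nat"] and "access-list" in t:
            acl_refs.add(t[t.index("access-list") + 1])  # NAT exemption ACL
        elif t[:3] == ["crypto", "ipsec", "transform-set"]:
            tsets.add(t[3])                     # transform-set definition
            weak.update(WEAK.intersection(t[4:]))
        elif t[:2] == ["crypto", "map"] and t[4:6] == ["match", "address"]:
            acl_refs.add(t[6])                  # ACL selecting tunnel traffic
        elif t[:2] == ["crypto", "map"] and t[4:6] == ["set", "transform-set"]:
            tset_refs.update(t[6:])
        elif t[:2] == ["isakmp", "policy"] and t[3:4] in (["encryption"], ["hash"]):
            weak.update(WEAK.intersection(t[4:]))
    findings = [("undefined-acl", n) for n in acl_refs - acls]
    findings += [("unreferenced-acl", n) for n in acls - acl_refs]
    findings += [("undefined-transform-set", n) for n in tset_refs - tsets]
    findings += [("weak-algorithm", n) for n in weak]
    return sorted(findings)

if __name__ == "__main__":
    for kind, name in lint(CONFIG):
        print(f"{kind}: {name}")
```

A name mismatch reported here may be a transcription slip in the post rather than in the device, so compare any finding against the running configuration before acting on it.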