Second internal subnet

[thirdeye]

I'm kinda stuck with a problem here. I want to put a specific set of people who need site-to-site VPN access with a partner of ours.

The VPN will be a PIX 515e to Cisco 3000 series concentrator connection. My default ip scheme is 172.17.xxx.xxx but I'd like to put the dozen or so people who need access to this VPN on a 172.15.xxx.xxx subnet.

I believe this is an easy problem that I'm just making more difficult than necessary, but I may be wrong. Keep in mind the .15 people need to be able to access the .17 network and vice versa.

Currently all traffic routed through my PIX as the default gateway. What do I need to do with the PIX to allow the .15 subnet to see it?

Is this possible or am I going about this all the wrong way?

 

[James Bond]

Did you add the iproute to 172.17.xxx.xxx to the Cisco router, and the 172.15.xxx.xxx to the PIX router?

Am I reading this wrong or are they just not being able to contact each other? Can you ping? traceroute? telnet?

 

[thirdeye]

Originally posted by: Tizyler
Did you add the iproute to 172.17.xxx.xxx to the Cisco router, and the 172.15.xxx.xxx to the PIX router?

Am I reading this wrong or are they just not being able to contact each other? Can you ping? traceroute? telnet?

I may have not explained well enough, the .15 and .17 are both behind the PIX. The reason I mentioned the VPN is because I want to have the .15 subnet solely for the VPN access. To the Cisco.

Right now I can't ping the .15 subnet and the .15 subnet can't ping anything on teh .17 subnet, including the PIX.

 

[James Bond]

What are your subnet masks?

 

[thirdeye]

Originally posted by: Tizyler
What are your subnet masks?

255.255.0.0

 

[James Bond]

My subnettings rusty but now you've got me curious. I'll help you get it in my next period in 10 minutes (if you haven't already)

 

[thirdeye]

Certainly haven't, I haven't had to do subnetting in forever, so I'm thinking this is an easy fix, but I'm just over-looking the obvious.

 

[BornStar]

Do you have a router betwen the 172.15.0.0 and the 172.17.0.0 networks?

 

[thirdeye]

No and I'm thinking that's why it's not working.

 

[BornStar]

That would be one of your problems. With the way you've got your subnetting set up, the 172.15.0.0 network will need a gateway to communicate with other networks and vice versa.

I'm not going to pretend to know anything about PIX and VPN concentrators (because I don't) so that's all the help you're going to get from me.

 

[thirdeye]

Originally posted by: BornStar18
That would be one of your problems. With the way you've got your subnetting set up, the 172.15.0.0 network will need a gateway to communicate with other networks and vice versa.

I'm not going to pretend to know anything about PIX and VPN concentrators (because I don't) so that's all the help you're going to get from me.

This is what I was thinking, but I was hoping that I'd be able to get the PIX to function as the gateway for both subnets, but that may not even be possible?

 

[thirdeye]

bump?

 

[James Bond]

did you make an ip route on the PIX to 0.0.0.0 0.0.0.0?

so on the pix: ip route 0.0.0.0 0.0.0.0 [outgoing interface]

I dont see why you would need another route inbetween the 172.15.0.0 and 172.17.0.0 networks... why?