
Second internal subnet

thirdeye

Platinum Member
I'm kinda stuck with a problem here. I want to put a specific set of people who need site-to-site VPN access with a partner of ours.

The VPN will be a PIX 515e to Cisco 3000 series concentrator connection. My default ip scheme is 172.17.xxx.xxx but I'd like to put the dozen or so people who need access to this VPN on a 172.15.xxx.xxx subnet.

I believe this is an easy problem that I'm just making more difficult than necessary, but I may be wrong. Keep in mind the .15 people need to be able to access the .17 network and vice versa.

Currently all traffic is routed through my PIX as the default gateway. What do I need to do with the PIX to allow the .15 subnet to see it?

Is this possible or am I going about this all the wrong way?
 
Did you add the iproute to 172.17.xxx.xxx to the Cisco router, and the 172.15.xxx.xxx to the PIX router?

Am I reading this wrong or are they just not being able to contact each other? Can you ping? traceroute? telnet?
 
Originally posted by: Tizyler
Did you add the iproute to 172.17.xxx.xxx to the Cisco router, and the 172.15.xxx.xxx to the PIX router?

Am I reading this wrong or are they just not being able to contact each other? Can you ping? traceroute? telnet?

I may not have explained well enough; the .15 and .17 are both behind the PIX. The reason I mentioned the VPN is because I want to have the .15 subnet solely for the VPN access to the Cisco.

Right now I can't ping the .15 subnet and the .15 subnet can't ping anything on the .17 subnet, including the PIX.
 
My subnetting's rusty, but now you've got me curious. I'll help you get it in my next period in 10 minutes (if you haven't already).
 
Certainly haven't. I haven't had to do subnetting in forever, so I'm thinking this is an easy fix, but I'm just overlooking the obvious.
 
That would be one of your problems. With the way you've got your subnetting set up, the 172.15.0.0 network will need a gateway to communicate with other networks and vice versa.

I'm not going to pretend to know anything about PIX and VPN concentrators (because I don't) so that's all the help you're going to get from me.
 
Originally posted by: BornStar18
That would be one of your problems. With the way you've got your subnetting set up, the 172.15.0.0 network will need a gateway to communicate with other networks and vice versa.

I'm not going to pretend to know anything about PIX and VPN concentrators (because I don't) so that's all the help you're going to get from me.


This is what I was thinking, but I was hoping that I'd be able to get the PIX to function as the gateway for both subnets, but that may not even be possible?
 
Did you make an ip route on the PIX to 0.0.0.0 0.0.0.0?

So on the PIX: ip route 0.0.0.0 0.0.0.0 [outgoing interface]

I don't see why you would need another route in between the 172.15.0.0 and 172.17.0.0 networks... why?
 