Firewall/Routing Question
17 years 4 months ago #22571
by johnnymac
Kind Regards
J Mac
Firewall/Routing Question was created by johnnymac
Hi,
I have two PIX 515e's at different locations which are currently connected using an L2L VPN.
We have just had a managed BT MPLS link installed.
We gave BT our internal network ranges and they confirmed their side of the work has been completed.
What I want to do now is use the PIX at either end to route and connect the internal networks.
So far I have managed to establish connectivity between the 515e's on their 192.168.1.0/24 and 192.168.3.0/24 networks but am not sure where to go now to enable connectivity to the internal LANs behind the firewalls.
I would be really grateful if anyone could help.
Kind regards
J Mack
17 years 1 week ago #23972
by FiercePowahs
Replied by FiercePowahs on topic Re: Firewall/Routing Question
I am doing the same thing. I have two PIX firewalls with an established Site-to-Site VPN between the two of them.
After you establish the VPN between the two firewalls you would need to set up access lists on each PIX to allow packets to communicate with each other.
PIX 1: 192.168.1.0/24
PIX 2: 192.168.2.0/24
On each PIX I have similar access lists which allow traffic between the two networks and then the second part prevents the use of NAT when communicating:
access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list NoNAT permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list NoNAT
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
These settings were taken from a basic site-to-site setup document that I found on Cisco's site.
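An added example (not part of the original posts, and not Cisco tooling): a small Python check of the statements quoted in the reply above, confirming which flows the `nat (inside) 0` list exempts from NAT and whether the two sites' lists are mirror images. It parses only the `access-list <name> permit ip <net> <mask> <net> <mask>` and `nat (inside) 0 access-list <name>` forms shown there; the PIX 2 configuration is constructed as an assumed mirror, since the thread does not show it.

```python
import ipaddress
import re

# PIX 1: the lines quoted in the reply. PIX 2: constructed mirror (assumption).
PIX1 = """\
access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list NoNAT permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
nat (inside) 0 access-list NoNAT
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
"""
PIX2 = """\
access-list 101 permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list NoNAT permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list NoNAT
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
"""

ACE = re.compile(r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)$")
NAT0 = re.compile(r"^nat \(\S+\) 0 access-list (\S+)$")


def parse(config):
    """Return ({acl_name: [(src_net, dst_net), ...]}, [ACL names bound to nat 0])."""
    acls, nat0 = {}, []
    for line in config.splitlines():
        line = line.strip()
        if m := ACE.match(line):
            name, src, smask, dst, dmask = m.groups()
            acls.setdefault(name, []).append(
                (ipaddress.ip_network(f"{src}/{smask}"),
                 ipaddress.ip_network(f"{dst}/{dmask}")))
        elif m := NAT0.match(line):
            nat0.append(m.group(1))
    return acls, nat0


def nat_exempt(config, src, dst):
    """True if the flow src -> dst matches an ACL referenced by 'nat (...) 0'."""
    acls, nat0 = parse(config)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in sn and d in dn
               for name in nat0 for sn, dn in acls.get(name, []))


def mirrored(config_a, config_b, name):
    """True if ACL `name` on B equals ACL `name` on A with source/destination swapped."""
    a = parse(config_a)[0].get(name, [])
    b = parse(config_b)[0].get(name, [])
    return bool(a) and {(d, s) for s, d in a} == set(b)
```

Traffic that does not match the exemption list falls through to the `nat (inside) 1` rule, so a NoNAT entry that is missing or not mirrored on one side shows up here as `False` for that direction.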