Do you have the subnet of the client-to-site users in your policy/proxy IDs on the site-to-site?
What I usually do in these scenarios is create a VPN zone in which I place a tunnel interface (on both devices).
I then create a route-based VPN between the tunnel interfaces, with proxy IDs of 0.0.0.0/0 (or 192.168.0.0/16).
The client-to-site VPN terminates on untrust. I then need a couple of policies:
- untrust to trust, to allow the VPN clients to reach Site A (only on FW Site A)
- untrust to vpn-zone, to allow the VPN clients to reach Site B (only on FW Site A)
- trust to vpn, to allow Site A to communicate with Site B (on FW Site A and Site B)
- vpn to trust, to allow Site B to communicate with Site A (on FW Site A and Site B)
Set up routing to the tunnel interfaces:
- Route Subnet-SiteB to the tunnel interface on Site A
- Route Subnet-SiteA to the tunnel interface on Site B
This way you should get it running...
Dennis
Message Edited by dennish on 30-01-2009 08:00 AM
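The zone/route/policy model described in the post, as an added Python example (not code from the post or from any firewall vendor): it walks a client-to-site user's packet through Site A's untrust-to-vpn policy and the tunnel, then shows why the same client pool must also appear in Site B's vpn-to-trust policy and in the tunnel's proxy IDs. The subnets, interface names and the `site_fw` helper are assumptions made for the example.

```python
import ipaddress

# Constructed subnets for this example (assumptions, not from the post).
CLIENTS = "10.10.10.0/24"   # client-to-site VPN pool; these packets enter on untrust
SITE_A, SITE_B, ANY = "192.168.1.0/24", "192.168.2.0/24", "0.0.0.0/0"

def _in(ip, prefix):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(prefix)

def lookup_route(routes, dst_ip):
    """Longest-prefix match over (prefix, interface) pairs; None if no route."""
    hits = [(ipaddress.ip_network(p).prefixlen, i) for p, i in routes if _in(dst_ip, p)]
    return max(hits)[1] if hits else None

def policy_allows(policies, from_zone, to_zone, src_ip, dst_ip):
    """First policy matching the zone pair and both addresses wins; no match means deny."""
    for f, t, src, dst, action in policies:
        if (f, t) == (from_zone, to_zone) and _in(src_ip, src) and _in(dst_ip, dst):
            return action == "permit"
    return False

def check_flow(fw, ingress_iface, src_ip, dst_ip):
    """(from_zone, to_zone, allowed) for a packet entering fw on ingress_iface."""
    from_zone = fw["zones"][ingress_iface]
    egress = lookup_route(fw["routes"], dst_ip)
    if egress is None:
        return from_zone, None, False
    to_zone = fw["zones"][egress]
    ok = policy_allows(fw["policies"], from_zone, to_zone, src_ip, dst_ip)
    if egress in fw["proxy_ids"]:          # phase-2 selectors of the site-to-site tunnel
        local, remote = fw["proxy_ids"][egress]
        ok = ok and _in(src_ip, local) and _in(dst_ip, remote)
    return from_zone, to_zone, ok

def site_fw(local, remote, policies, proxy_ids=(ANY, ANY)):
    """eth0 = untrust (client VPN terminates here), eth1 = trust, tunnel.1 = vpn zone."""
    return {"zones": {"eth0": "untrust", "eth1": "trust", "tunnel.1": "vpn"},
            "routes": [(local, "eth1"), (remote, "tunnel.1"), (ANY, "eth0")],
            "proxy_ids": {"tunnel.1": proxy_ids}, "policies": policies}

FW_A = site_fw(SITE_A, SITE_B, [
    ("untrust", "trust", CLIENTS, SITE_A, "permit"),   # clients -> Site A
    ("untrust", "vpn", CLIENTS, SITE_B, "permit"),     # clients -> Site B via the tunnel
    ("trust", "vpn", SITE_A, SITE_B, "permit"),
    ("vpn", "trust", SITE_B, SITE_A, "permit")])

# Site B as commonly misconfigured: vpn-to-trust names only Site A as source.
FW_B = site_fw(SITE_B, SITE_A, [
    ("vpn", "trust", SITE_A, SITE_B, "permit"),
    ("trust", "vpn", SITE_B, SITE_A, "permit")])

def with_client_policy(fw):
    """Site B corrected: the client pool becomes a permitted source on vpn-to-trust."""
    return {**fw, "policies": fw["policies"] + [("vpn", "trust", CLIENTS, SITE_B, "permit")]}
```

Running `check_flow` on both firewalls for a client address bound for Site B shows the packet leaving Site A correctly but being dropped at Site B until the client pool is added; narrowing the proxy IDs to the two site subnets drops it at Site A as well.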