Book Excerpt: Cisco Secure Internet Security Solutions - part 3 - Page 6
Remote Site Configuration
At this point, you have a configuration that allows the main office to communicate through the Internet. You allowed access to the Web, FTP, and mail servers. What you do not have is access from the remote sites in Manchester and Seattle. The reason you do not have access is that the nat statement only applies to the Chicago LAN. You can easily add access to the Seattle and Manchester offices by adding the following lines:
nat (inside) 1 10.2.1.0 255.255.255.0 0 0 nat (inside) 1 10.3.1.0 255.255.255.0 0 0 route inside 10.2.1.0 255.255.255.0 172.30.1.1 1 route inside 10.3.1.0 255.255.255.0 172.30.1.1 1
In our next installment of Cisco Secure Internet Security Solutions - Chapter 4, we will look at Single DMZ Configuration, which allows configuration of the PIX through something other than the console. The configuration also enables SNMP, a syslog server, and filter URLs.