https://community.cisco.com/t5/network-security/vpn-clients-being-able-to-access-already-setup-tunnels/m-p/253277#M1060212 <P>Hi everybody, </P><P></P><P>I have a central site with one 506E Pix and 5 remote sites connected using 501E Pix (IpSec Tunnels). Now I have to permit VPN clients to connect to the central site (no problem for this) but also they have to be able to access the remote sites, at least one of them. </P><P>For what I know, this can't be done using a 506E Pix but my question is... If got a 515E Pix with three interfaces could this be solved? </P><P>I would appreciate you answered me or suggested any other solution for the problem. </P><P></P><P>Thank you all in advanced! </P><P></P> Fri, 21 Feb 2020 07:13:52 GMT pression2 2020-02-21T07:13:52Z https://community.cisco.com/t5/network-security/vpn-clients-being-able-to-access-already-setup-tunnels/m-p/253277#M1060212 <P>Hi everybody, </P><P></P><P>I have a central site with one 506E Pix and 5 remote sites connected using 501E Pix (IpSec Tunnels). Now I have to permit VPN clients to connect to the central site (no problem for this) but also they have to be able to access the remote sites, at least one of them. </P><P>For what I know, this can't be done using a 506E Pix but my question is... If got a 515E Pix with three interfaces could this be solved? </P><P>I would appreciate you answered me or suggested any other solution for the problem. </P><P></P><P>Thank you all in advanced! </P><P></P> Fri, 21 Feb 2020 07:13:52 GMT https://community.cisco.com/t5/network-security/vpn-clients-being-able-to-access-already-setup-tunnels/m-p/253277#M1060212 pression2 2020-02-21T07:13:52Z https://community.cisco.com/t5/network-security/vpn-clients-being-able-to-access-already-setup-tunnels/m-p/253278#M1060213 <HTML><HEAD></HEAD><BODY><P>What about creating another connection entry on your VPN client and configuring the 506 for accepting client connections. All that the remote user has to do is to choose the appropriate connection entry and connect using it. </P></BODY></HTML> Thu, 12 Feb 2004 15:02:31 GMT https://community.cisco.com/t5/network-security/vpn-clients-being-able-to-access-already-setup-tunnels/m-p/253278#M1060213 drolemc 2004-02-12T15:02:31Z https://community.cisco.com/t5/network-security/vpn-clients-being-able-to-access-already-setup-tunnels/m-p/253279#M1060214 <HTML><HEAD></HEAD><BODY><P>The 506E on central site is already configured to accept vpn connections. </P><P>The problem is that it connects on the outside interface of the Pix and therefore it cannot use the already setup tunnels used by the remote sites. </P><P>If you meant setting up several client connecting, each one of them pointing to the remote sites PIX's, the answer is Yes I can do that, but I want to make it simple for the user so he can establish a vpn client connection and have access to the entire network (or at least to one remote site).</P></BODY></HTML> Thu, 12 Feb 2004 15:32:38 GMT https://community.cisco.com/t5/network-security/vpn-clients-being-able-to-access-already-setup-tunnels/m-p/253279#M1060214 pression2 2004-02-12T15:32:38Z https://community.cisco.com/t5/network-security/vpn-clients-being-able-to-access-already-setup-tunnels/m-p/253280#M1060215 <HTML><HEAD></HEAD><BODY><P>I dont think it is possible with any kind of PIX. Simply cause PIX cant route traffic coming from one interface and route it back to same interface. which means traffic coming from one VPN tunnel cant go out to another tunnel. You can use a Router making it a hub and rest being spoke. With router you will be able to acheive what you are trying to do. </P><P></P></BODY></HTML> Wed, 03 Mar 2004 19:51:52 GMT https://community.cisco.com/t5/network-security/vpn-clients-being-able-to-access-already-setup-tunnels/m-p/253280#M1060215 shabib.syed 2004-03-03T19:51:52Z https://community.cisco.com/t5/network-security/vpn-clients-being-able-to-access-already-setup-tunnels/m-p/253281#M1060217 <HTML><HEAD></HEAD><BODY><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/customer/tech/tk583/tk372/technologies_configuration_example09186a0080103ed0.shtml" target="_blank">http://www.cisco.com/en/US/customer/tech/tk583/tk372/technologies_configuration_example09186a0080103ed0.shtml</A></P><P></P><P>gives an explaination on how to hack together this solution</P></BODY></HTML> Fri, 05 Mar 2004 16:22:54 GMT https://community.cisco.com/t5/network-security/vpn-clients-being-able-to-access-already-setup-tunnels/m-p/253281#M1060217 mostiguy 2004-03-05T16:22:54Z https://community.cisco.com/t5/network-security/vpn-clients-being-able-to-access-already-setup-tunnels/m-p/253282#M1060221 <HTML><HEAD></HEAD><BODY><P>I'm agreeing with proposed solution. Good news also that PIX firmware 6.3 support VLANs. So you do not need separate physical interfaces. Possible next releases solve problems with VPN tunnel routing. Most firewall vendors made this decision - allow VPN routing through the HUB.</P></BODY></HTML> Thu, 11 Mar 2004 19:47:45 GMT https://community.cisco.com/t5/network-security/vpn-clients-being-able-to-access-already-setup-tunnels/m-p/253282#M1060221 sergej.gurenko 2004-03-11T19:47:45Z