https://community.cisco.com/t5/network-security/pix-case-outside-inside/m-p/855739#M494925 <P>Hi there, attached is what i want to do.</P><P></P><P>I want to:</P><P>1.start a vpn site to site with the pix firewall A and the Checkpoint VPN.</P><P>2.pc has to connect to PC 3(via the VPN)and also to PC1 on the Lan ext.</P><P>3. For testing i want pc1 and pc3 to be able to ping PC2 and vice versa, pc2 to ping pc3 and pc1</P><P></P><P>can this be established? how can i do this. can some one point me in the right direction? Thanks</P><P></P><P> </P><P></P> Fri, 21 Feb 2020 09:45:51 GMT greg-bnets 2020-02-21T09:45:51Z https://community.cisco.com/t5/network-security/pix-case-outside-inside/m-p/855739#M494925 <P>Hi there, attached is what i want to do.</P><P></P><P>I want to:</P><P>1.start a vpn site to site with the pix firewall A and the Checkpoint VPN.</P><P>2.pc has to connect to PC 3(via the VPN)and also to PC1 on the Lan ext.</P><P>3. For testing i want pc1 and pc3 to be able to ping PC2 and vice versa, pc2 to ping pc3 and pc1</P><P></P><P>can this be established? how can i do this. can some one point me in the right direction? Thanks</P><P></P><P> </P><P></P> Fri, 21 Feb 2020 09:45:51 GMT https://community.cisco.com/t5/network-security/pix-case-outside-inside/m-p/855739#M494925 greg-bnets 2020-02-21T09:45:51Z https://community.cisco.com/t5/network-security/pix-case-outside-inside/m-p/855740#M494926 <HTML><HEAD></HEAD><BODY><P>Hi .. OK</P><P></P><P>Let's divide this in two tasks.</P><P></P><P>1.- Communication between PC1 and PC2</P><P></P><P>* on the PIX You need a static NAT entry for PC2 as below</P><P></P><P>static (inside,outside1) PC2-Real-IP-Address PC2-Real-IP-Address netmask 255.255.255.255</P><P></P><P>* allow access from PC1 to PC2</P><P>access-list outside1_inside permit icmp host PC1 host PC2-Real-IP-Address</P><P>access-group outside1_inside in interface outside1</P><P></P><P>* If you have an access list applied to the inside interface then you need </P><P>to add an entry that allows icmp access from PC2 to PC1 i.e</P><P>access-list inside-out permit icmp host PC2-Real-IP-Address host PC1</P><P>access-group inside-out in interface inside</P><P></P><P>* You might need to add a static route on the firewall for 192.168.3.0/24</P><P>route outside1 192.168.3.0 255.255.255.0 10.10.40.2</P><P></P><P>* Make sure any other devices between those segments know how to get to each other</P><P></P><P>2.- Communication between PC2 and PC3</P><P></P><P>Can you clarify .. is the VPN between routerA and Checkpoint already UP ?</P><P></P><P>if it is then we would need to have a look at the config of routerA before sugggesting </P><P>next steps to follow.</P><P></P><P>I hope it helps .. please rate it if it does !!!</P><P></P><P></P><P></P><P></P></BODY></HTML> Wed, 07 Nov 2007 22:30:51 GMT https://community.cisco.com/t5/network-security/pix-case-outside-inside/m-p/855740#M494926 Fernando_Meza 2007-11-07T22:30:51Z https://community.cisco.com/t5/network-security/pix-case-outside-inside/m-p/855741#M494927 <HTML><HEAD></HEAD><BODY><P>Hi ferando.</P><P></P><P>I did some home work and resolved the issue. But thanks for the help anyway. i will still rate for you. What i still have is that with the VPN my site can only initiate the tunnel to be up. Lets only if i start pinging the other side, they can ping me back. How can i keep the tunnel up 24/7?</P><P></P><P>Thanks.</P></BODY></HTML> Fri, 09 Nov 2007 19:15:40 GMT https://community.cisco.com/t5/network-security/pix-case-outside-inside/m-p/855741#M494927 greg-bnets 2007-11-09T19:15:40Z