09-30-2008 11:02 AM - edited 03-11-2019 06:51 AM
Greetings all,
Site A is connected to Site B via a IPSEC VPN tunnel. Now I also have remote users using a VPN client connecting to site A. Is it possible to configure the PIX in site A so that when a remote user connects to site A the user will also have connectivity to site B (via the IPSEC tunnel)?
09-30-2008 11:16 AM
Yes, this should be possible using the concept "Hairpinning or U-turn". The exact command is "same-security-traffic permit intra-interface".
Please refer the below URL for details:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805734ae.shtml
Regards,
Arul
** Please rate all helpful posts **
09-30-2008 11:39 AM
Adding to what Arul posted, you will also need to add the additional traffic to your crypto acl's on both pixes and also the nat exemption acl on pix b. Also, you didn't mention what version pix you use, if version 6, the above does not apply.
09-30-2008 12:10 PM
Sorry i did not at the PIX os ver the first time.
The pix is running on 6.3
with that said, is it still possible?
09-30-2008 12:12 PM
No, it's not possible with what has been mentioned here. You can not hairpin in pix 6.x.
09-30-2008 12:29 PM
Nope, Not possible with 6.3.
Regards,
Arul
** Please rate all helpful posts **
10-29-2008 12:30 PM
Do you know if you can give my inbound VPN clients access to the Internet after they are connected to my PIX running IOS 7.0 or 8.0? My users would me making inbound PPTP vpn connections from their random computers, not using the Cisco VPN client. I want them to have Internet access as well as access to our corporate network.
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide