Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
512
Views
6
Helpful
6
Replies

Remote VPN

merryllem
Level 1
Level 1

‎09-30-2008 11:02 AM - edited ‎03-11-2019 06:51 AM

Greetings all,

Site A is connected to Site B via a IPSEC VPN tunnel. Now I also have remote users using a VPN client connecting to site A. Is it possible to configure the PIX in site A so that when a remote user connects to site A the user will also have connectivity to site B (via the IPSEC tunnel)?

Labels:
0 Helpful
6 Replies 6

ajagadee
Cisco Employee
Cisco Employee

‎09-30-2008 11:16 AM

Yes, this should be possible using the concept "Hairpinning or U-turn". The exact command is "same-security-traffic permit intra-interface".

Please refer the below URL for details:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805734ae.shtml

Regards,

Arul

** Please rate all helpful posts **

acomiskey
Level 10
Level 10
In response to ajagadee

‎09-30-2008 11:39 AM

Adding to what Arul posted, you will also need to add the additional traffic to your crypto acl's on both pixes and also the nat exemption acl on pix b. Also, you didn't mention what version pix you use, if version 6, the above does not apply.

0 Helpful

merryllem
Level 1
Level 1
In response to acomiskey

‎09-30-2008 12:10 PM

Sorry i did not at the PIX os ver the first time.

The pix is running on 6.3

with that said, is it still possible?

0 Helpful

acomiskey
Level 10
Level 10
In response to merryllem

‎09-30-2008 12:12 PM

No, it's not possible with what has been mentioned here. You can not hairpin in pix 6.x.

0 Helpful

ajagadee
Cisco Employee
Cisco Employee
In response to merryllem

‎09-30-2008 12:29 PM

Nope, Not possible with 6.3.

Regards,

Arul

** Please rate all helpful posts **

bfpnetadmin
Level 1
Level 1
In response to ajagadee

‎10-29-2008 12:30 PM

Do you know if you can give my inbound VPN clients access to the Internet after they are connected to my PIX running IOS 7.0 or 8.0? My users would me making inbound PPTP vpn connections from their random computers, not using the Cisco VPN client. I want them to have Internet access as well as access to our corporate network.

Thanks

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card