cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

192
Views
6
Helpful
6
Replies
Highlighted
Beginner

Remote VPN

Greetings all,

Site A is connected to Site B via a IPSEC VPN tunnel. Now I also have remote users using a VPN client connecting to site A. Is it possible to configure the PIX in site A so that when a remote user connects to site A the user will also have connectivity to site B (via the IPSEC tunnel)?

6 REPLIES 6
Highlighted
Cisco Employee

Yes, this should be possible using the concept "Hairpinning or U-turn". The exact command is "same-security-traffic permit intra-interface".

Please refer the below URL for details:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00805734ae.shtml

Regards,

Arul

** Please rate all helpful posts **

Highlighted

Adding to what Arul posted, you will also need to add the additional traffic to your crypto acl's on both pixes and also the nat exemption acl on pix b. Also, you didn't mention what version pix you use, if version 6, the above does not apply.

Highlighted

Sorry i did not at the PIX os ver the first time.

The pix is running on 6.3

with that said, is it still possible?

Highlighted

No, it's not possible with what has been mentioned here. You can not hairpin in pix 6.x.

Highlighted

Nope, Not possible with 6.3.

Regards,

Arul

** Please rate all helpful posts **

Highlighted

Do you know if you can give my inbound VPN clients access to the Internet after they are connected to my PIX running IOS 7.0 or 8.0? My users would me making inbound PPTP vpn connections from their random computers, not using the Cisco VPN client. I want them to have Internet access as well as access to our corporate network.

Thanks

Content for Community-Ad