02-06-2004 01:08 AM - edited 02-20-2020 11:13 PM
Hi everybody,
I have a central site with one 506E Pix and 5 remote sites connected using 501E Pix (IpSec Tunnels). Now I have to permit VPN clients to connect to the central site (no problem for this) but also they have to be able to access the remote sites, at least one of them.
From what I know, this can't be done using a 506E Pix, but my question is... If I got a 515E Pix with three interfaces, could this be solved?
I would appreciate it if you answered me or suggested any other solution for the problem.
Thank you all in advance!
02-12-2004 07:02 AM
What about creating another connection entry on your VPN client and configuring the 506 for accepting client connections? All that the remote user has to do is to choose the appropriate connection entry and connect using it.
02-12-2004 07:32 AM
The 506E on the central site is already configured to accept VPN connections.
The problem is that it connects on the outside interface of the Pix and therefore it cannot use the already set up tunnels used by the remote sites.
If you meant setting up several client connections, each one of them pointing to the remote sites' PIXes, the answer is yes, I can do that, but I want to make it simple for the user so he can establish a VPN client connection and have access to the entire network (or at least to one remote site).
03-03-2004 11:51 AM
I don't think it is possible with any kind of PIX, simply because the PIX can't route traffic coming from one interface and route it back to the same interface, which means traffic coming from one VPN tunnel can't go out to another tunnel. You can use a router, making it a hub and the rest being spokes. With a router you will be able to achieve what you are trying to do.
03-05-2004 08:22 AM
gives an explanation on how to hack together this solution
03-11-2004 11:47 AM
I agree with the proposed solution. Good news also that PIX firmware 6.3 supports VLANs, so you do not need separate physical interfaces. Possibly the next releases will solve the problems with VPN tunnel routing. Most firewall vendors made this decision - allow VPN routing through the HUB.