
VPN clients being able to access already setup tunnels

pression2
Level 1

Hi everybody,

I have a central site with one 506E PIX and 5 remote sites connected using 501E PIXes (IPsec tunnels). Now I have to permit VPN clients to connect to the central site (no problem with this), but they also have to be able to access the remote sites, at least one of them.

From what I know, this can't be done using a 506E PIX, but my question is... If I got a 515E PIX with three interfaces, could this be solved?

I would appreciate it if you answered me or suggested any other solution for the problem.

Thank you all in advance!

5 Replies

drolemc
Level 6

What about creating another connection entry on your VPN client and configuring the 506 for accepting client connections? All that the remote user has to do is to choose the appropriate connection entry and connect using it.

The 506E on the central site is already configured to accept VPN connections.

The problem is that it connects on the outside interface of the Pix and therefore it cannot use the already setup tunnels used by the remote sites.

If you meant setting up several client connections, each one of them pointing to the remote sites' PIXes, the answer is yes, I can do that, but I want to make it simple for the user so he can establish a VPN client connection and have access to the entire network (or at least to one remote site).

I don't think it is possible with any kind of PIX, simply because the PIX can't take traffic coming from one interface and route it back to the same interface, which means traffic coming from one VPN tunnel can't go out to another tunnel. You can use a router, making it the hub and the rest the spokes. With a router you will be able to achieve what you are trying to do.

I agree with the proposed solution. The good news is also that PIX firmware 6.3 supports VLANs, so you do not need separate physical interfaces. Possibly the next releases will solve the problems with VPN tunnel routing. Most firewall vendors made this decision: allow VPN routing through the hub.
