Showing results for 
Search instead for 
Did you mean: 

VPN Routing Issue


I'm trying to resolve a routing issue with our VPN client connections to corporate site PIX firewalls and can't seem to figure it out. I connect all of our corprate sites with PIX VPN Site-to-Site links, staff in each remote office can connect to their office with Cisco VPN clients to the "local" Pix. Some web services are hosted at the main corporate site that they now need to access. Is there a way to configure a route where the remote VPN client user connects to their local corporate office but can still route back to the main corporate office for some web services? Right now they connect for some things through their office but then have to disconnect and establish a VPN connection with the main office for other services.

Thanks, nick

4 Replies 4


Do you have the command same-security traffic permit intra-interface on each of your PIXes??

I don't, I just found the command in another post for a different issue but wasn't sure if it would work in this scenario. I was just starting to check how to apply it, is there anything special when entering? Any additional commands needed? Also, two sites are using Pix 506e devices and I'm not seeing the command available in the CLI config.

Just go in to global config mode and enter it. As for the 506e, I believe the command was added in version 7.0(1) and the 501/506/506E platforms are not supported on this version.

Thanks, I should be able to test it at our corporate site by adding it to the config and then pinging and outside address? I was already looking at replacing the 506e's so I may need to do it sooner than expected.


Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: