
VPN to VPN Connections

genec
Level 1

I have a client using Cisco VPN Client to establish a VPN to a 3005 Concentrator. (Ver. 4.0.1) I am also using the 3005 to establish VPNs to remote PIX firewalls. The VPN Clients are using an address pool that is not on any other network.

Question: Can that client VPN to the 3005, and use an existing tunnel to a remote site? My intuition says no, since they are both being created on the external interface. I know it is possible to create a second tunnel on the PIX to route packets going to a specific IP range (i.e., the DMZ on the remote PIX), but that setup has only been tested from the internal networks (one tunnel to access the remote site's internal network, the other tunnel to access the DMZ). Can packets be routed from the 3005 to accomplish the same thing?

I can send a diagram if that will help. Any assistance would be appreciated.

1 Reply

gfullage
Cisco Employee

Yes, if the head-end device is a 3005 this will work. It will not work if the head-end device is a PIX though.

On the 3005, just include the VPN pool of addresses in the Local Subnet for the LAN-to-LAN tunnels (you'll probably need to create a Network List to do this), and on each remote PIX, add another line in its crypto and nat 0 ACLs that specifies traffic from the local PIX subnet going to the VPN pool of addresses.
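
A consistency check for the PIX side of the change described in the reply above, as an added example that is not part of the original thread and not Cisco tooling: it parses a PIX configuration and reports whether the crypto ACL and the nat 0 ACL each contain an entry from the local PIX subnet to the VPN pool. The subnets, ACL names and crypto map name in the sample are constructed placeholders, and the sample deliberately omits the nat 0 entry to show the mismatch being caught.

```python
import ipaddress
import re

# Constructed sample PIX config (placeholder names and addresses): local PIX
# subnet 192.168.2.0/24, head-end LAN 192.168.1.0/24, VPN pool 10.10.10.0/24.
SAMPLE_PIX_CONFIG = """\
access-list l2l permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list l2l permit ip 192.168.2.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list nonat permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list nonat
crypto map tunnels 10 match address l2l
"""

# Only "network mask" entries are parsed; "host"/"any" forms are ignored.
ACE = re.compile(r"^access-list (\S+) permit ip ([\d.]+) ([\d.]+) ([\d.]+) ([\d.]+)$")
NAT0 = re.compile(r"^nat \(\S+\) 0 access-list (\S+)$")
CRYPTO = re.compile(r"^crypto map \S+ \d+ match address (\S+)$")


def parse(config):
    """Return ({acl: [(src_net, dst_net)]}, nat 0 ACL names, crypto ACL names)."""
    acls, nat0, crypto = {}, set(), set()
    for line in config.splitlines():
        if m := ACE.match(line.strip()):
            name, src, smask, dst, dmask = m.groups()
            acls.setdefault(name, []).append((
                ipaddress.ip_network(f"{src}/{smask}"),
                ipaddress.ip_network(f"{dst}/{dmask}")))
        elif m := NAT0.match(line.strip()):
            nat0.add(m.group(1))
        elif m := CRYPTO.match(line.strip()):
            crypto.add(m.group(1))
    return acls, nat0, crypto


def missing_pool_entries(config, local_subnet, vpn_pool):
    """List which roles ('crypto', 'nat 0') lack a local-subnet -> pool entry."""
    local = ipaddress.ip_network(local_subnet)
    pool = ipaddress.ip_network(vpn_pool)
    acls, nat0, crypto = parse(config)

    def covered(names):
        return any(local.subnet_of(s) and pool.subnet_of(d)
                   for n in names for s, d in acls.get(n, []))

    return [role for role, names in (("crypto", crypto), ("nat 0", nat0))
            if not covered(names)]
```

For the sample, `missing_pool_entries(SAMPLE_PIX_CONFIG, "192.168.2.0/24", "10.10.10.0/24")` returns `["nat 0"]`: the pool was added to the crypto ACL but not to the nat 0 ACL.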
