07-26-2008 07:46 AM - edited 03-09-2019 09:10 PM
Hi,
I have a PIX 501 with a VPN configured (pool addresses are 172.1.1.0) which enables communication to the "inside" subnet (10.1.2.0) - this works fine. Now I want to extend that so that users connected to this VPN can also communicate to machines on the "outside" subnet (10.1.1.0) and out to the Internet (via gw 10.1.1.1). Is this possible? Appreciate any help!
07-26-2008 08:00 AM
Hello Dan,
You have to permit the traffic that enterst the interface to exit the same interface, which is accomplished by "same-security-traffic permit intra-interface" command. But unfortunately, this command exists in IOS version 7.2 or greater.
Regards
07-26-2008 10:05 AM
Thanks for the quick answer. I guess there are no work arounds? Guess I'll just have to put the machines I want to access behind the PIX. Thanks again!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide