OK, here is my setup:

ASA 5505 - 192.168.3.1
PIX 501 - 192.168.1.1
PIX 501 - 192.168.1.2

The ASA and the first PIX device (192.168.1.1) are connected via site-to-site VPN on the ASA side and the connection works great. I can access hosts in either direction from either network. I'm attempting to add the second PIX device to the ASA's site-to-site configuration, but it's not working. I suspect it's because the devices are on the same subnet, but I'm hoping to find a workaround.

When I have both PIX devices set up for site-to-site on the ASA, the VPN works only for the connection that has the highest priority. The device with the lower priority can only ping the 192.168.3.1 network, but full network connections fail. Is it possible to do this without changing the subnet on the second PIX?
Not sure what's going on here. We have one internal network at our location: 192.168.1.0/24. Pretty standard, I suppose. Anyhow, we have a Pix 501 handling our firewall and VPN needs. The VPN assigns remote clients addresses from the 192.168.2.0/24 range. Our Windows clients don't have a problem with this setup. For instance, when I connect from home using my XP SP2 setup, I am assigned an address of 192.168.2.209. I can communicate just fine with all machines on the 192.168.1.0/24 network without an issue.

Now, on to the OS X (v10.3.9) install. I've got the client installed (v4.8) on the machine just fine. Configured the client to connect and everything goes well. I get a connection and I am assigned an IP address from the 192.168.2.0/24 range. My problems start when I try to access any machines on our local network, 192.168.1.0/24. I can't get anything out of them. They don't respond to pings or any other protocol. Interestingly enough, I can communicate with one address only, 192.168.1.100.

I can only assume something is off with the routing on the VPN side here. Why can I only communicate with 192.168.1.100 and all other addresses are unreachable? I'm hoping it is a configuration issue with the client that can be resolved easily, as I don't have direct access to the Pix 501 to configure it. Am I doing something wrong on the client end or do I need to smack my boss upside his head and have him configure the VPN differently?