Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
307
Views
0
Helpful
4
Replies

access from vpn remote access clients to site to site tunnel network

WILLIAM STEGMAN
Level 4
Level 4

‎09-27-2006 05:07 AM - edited ‎02-21-2020 02:38 PM

I have remote access vpn configured and a site to site tunnel. I'd like the remote access clients to be able to initiate a tunnel connection and have connectivity to the site to site tunnel network. So far I've been unable to get either. The remote access client scope is 192.168.8.0/24, the site 2 site is 192.168.64.0/24, and the corporate WAN is 10.4.0.0/16. I'm able to connect from VPN to the corporate network and I'm able to initiate the tunnel from either side of the tunnel. My routing looks ok, and I don't see anything in the PIX's logs. PIX 7 at one end, and PIX 6.3 at the other. Here are my vpn related access-lists

access-list nonat line 1 extended permit ip 192.168.64.0 255.255.255.0 10.4.0.0 255.255.0.0

access-list nonat line 2 extended permit ip 192.168.64.0 255.255.255.0 192.168.8.0 255.255.255.0

access-list nonat line 3 extended permit ip 10.0.0.0 255.0.0.0 192.168.8.0 255.255.255.0

access-list nonat line 4 extended permit ip 192.168.8.0 255.255.255.0 10.0.0.0 255.0.0.0

access-list nonat line 5 extended permit ip 192.168.8.0 255.255.255.0 192.168.64.0 255.255.255.0

access-list nonat line 6 extended permit ip 10.0.0.0 255.0.0.0 192.168.64.0 255.255.255.0

access-list 100 line 1 extended permit ip 192.168.64.0 255.255.255.0 10.4.0.0 255.255.0.0

access-list 100 line 2 extended permit ip 192.168.64.0 255.255.255.0 192.168.8.0 255.255.255.0

access-list 100 line 3 extended permit ip 10.4.0.0 255.255.0.0 192.168.64.0 255.255.255.0

access-list 100 line 4 extended permit ip 192.168.8.0 255.255.255.0 192.168.64.0 255.255.255.0

does anyone have any ideas?

thank you,

Bill

Labels:
0 Helpful
4 Replies 4

m.sir
Level 7
Level 7

‎09-27-2006 05:21 AM

Where is VPN for clients terminated on PIX 6.3 or on PIX 7.0???

PIX 6.3 does not route traffic received on one interface back out the same interface. Its possible with PIX 7.0

M.

0 Helpful

WILLIAM STEGMAN
Level 4
Level 4
In response to m.sir

‎09-27-2006 05:23 AM

remote access is configured on the pix 7.

0 Helpful

WILLIAM STEGMAN
Level 4
Level 4
In response to m.sir

‎09-27-2006 05:43 AM

are we talking about "hairpinning" on the pix? I can't seem to find much documentation for it. Nothing in the ASDM user guide, and google only kicks back a few posts and books for sale.

0 Helpful

WILLIAM STEGMAN
Level 4
Level 4
In response to m.sir

‎09-27-2006 05:52 AM

I did find this

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a0080552364.html#wp1042114

i entered teh same-security-traffic permi intra-int command, but I see no change.

0 Helpful
Customers Also Viewed These Support Documents