
Cisco VPN Client & PIX Firewall

itsupport
Level 1

Cisco VPN Client: v4.0.3C

PIX Firewall (525): 6.3(3)

MD Network: 172.16.2.0/24

CA Networks: 10.5.1.0/24, 10.1.0.0/24

VPN Client Network: 192.168.2.0/24

MD Network|----(VPN)----|CA Networks
|
|
(Client VPN)
|
|
Home Workstation

My client workstation can connect to my PIX and authenticate just fine. DNS and WINS are working for the MD Network also. I'm unable to access any resources on the CA Networks (i.e. unable to remote desktop to servers, unable to ping, unable to map drives, etc.)

Let me know if you have any ideas. I can post my configs.

1 Reply

mostiguy
Level 6

You are making a VPN connection to the MD network, and cannot access resources on the CA network? This is to be expected.

The VPN client makes a request for a CA resource. This goes through the tunnel to the MD PIX, entering the outside interface. The PIX would then have to send it back out the outside interface through the tunnel to the CA PIX. PIX will not do this - they will not send packets out the interface they came in on. You are best off configuring the CA PIX for remote user access as well - even if the PIX acted as you wish, performance would be laggy because everything had to go through the MD PIX.
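
The packet path described in the reply above, as an added example that is not part of the original thread: a simplified Python model of the MD PIX's rule against forwarding out the interface a packet arrived on, using the networks from the post. The interface names, the default route and the sample host addresses are assumptions.

```python
"""Simplified model of same-interface forwarding on the MD PIX (6.3)."""
from ipaddress import ip_address, ip_network

# Egress interface per destination prefix on the MD PIX. Prefixes come from
# the post; interface names and the default route are assumptions.
MD_PIX_ROUTES = {
    "172.16.2.0/24": "inside",    # MD LAN
    "10.5.1.0/24": "outside",     # CA network, via the site-to-site tunnel
    "10.1.0.0/24": "outside",     # CA network, via the site-to-site tunnel
    "192.168.2.0/24": "outside",  # VPN client pool
    "0.0.0.0/0": "outside",       # default route (assumed)
}


def egress_interface(dst, routes=MD_PIX_ROUTES):
    """Longest-prefix match of dst against the route table."""
    addr = ip_address(dst)
    matches = [(ip_network(p), iface) for p, iface in routes.items()
               if addr in ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def forward(ingress, dst, routes=MD_PIX_ROUTES):
    """Return (forwarded, reason) under the no-same-interface rule."""
    egress = egress_interface(dst, routes)
    if egress is None:
        return False, "no route"
    if egress == ingress:
        return False, f"hairpin: in and out on '{ingress}'"
    return True, f"{ingress} -> {egress}"


def audit(ingress, destinations, routes=MD_PIX_ROUTES):
    """Map each destination to its forwarding verdict."""
    return {d: forward(ingress, d, routes) for d in destinations}


if __name__ == "__main__":
    # Constructed sample hosts inside the networks named in the post.
    # Decrypted VPN client traffic arrives on the outside interface.
    hosts = ["172.16.2.10", "10.5.1.20", "10.1.0.30"]
    for dst, (ok, why) in audit("outside", hosts).items():
        print(f"{dst:12} {'forward' if ok else 'drop':8} {why}")
```
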