07-28-2004 02:41 PM
We have the following issue;
1. Main Office PIX to remote site router VPN connection
2. Cisco VPN clients connect to Main Office PIX
We can communicate with remote site via PIX & router tunnel, but when someone is travelling and VPN's into the PIX they cannot connect to remote office.
Any suggestions ???
07-28-2004 02:51 PM
To the best of my knowledge, this is not supported on the PIX because it would require the PIX to send the packet back out the interface it received it on. The workaround I have heard most often is setting up a node on the local LAN to proxy connections through to get to the remote LAN.
Please feel free to correct me if this behavior has changed recently.
07-30-2004 09:14 AM
At a customer site we looked at this issue and decided to terminate site to site VPNs on a router instead of on a PIX because terminated on a router does allow remote VPN connections to communicate with other remote VPN sites. The PIX does not allow this in current code.
HTH
Rick
08-01-2004 10:10 PM
Rick, this is a follow on,
with your VPN connected sites, do you have vpn clients connecting to those sites as well, if so do you have a router config example, all the examples I can find on CCO usually have site to site, or site to pc client config not both on the same router.
thanks
RB
08-02-2004 07:32 AM
Richard
I do not have a sample config with both clients and site to site on the same router. In this customer environment we do site to site terminated on routers and we do PC client termination on a VPN concentrator. This makes it easier to PC clients to get to anywhere they want and helps get around the restriction of going back out the same interface as the traffic entered on.
HTH
Rick
08-03-2004 12:30 AM
OK,
Will most probably go down the that track, just wanted to get something going in the short term.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide