Double VPN Issue ????

cbigas · ‎07-28-2004

We have the following issue;

1. Main Office PIX to remote site router VPN connection

2. Cisco VPN clients connect to Main Office PIX

We can communicate with remote site via PIX & router tunnel, but when someone is travelling and VPN's into the PIX they cannot connect to remote office.

Any suggestions ???

ethiel · ‎07-28-2004

To the best of my knowledge, this is not supported on the PIX because it would require the PIX to send the packet back out the interface it received it on. The workaround I have heard most often is setting up a node on the local LAN to proxy connections through to get to the remote LAN.

Please feel free to correct me if this behavior has changed recently.

Richard Burts · ‎07-30-2004

At a customer site we looked at this issue and decided to terminate site to site VPNs on a router instead of on a PIX because terminated on a router does allow remote VPN connections to communicate with other remote VPN sites. The PIX does not allow this in current code.

HTH

Rick

HTH

Rick

rbradfield · ‎08-01-2004

Rick, this is a follow on,

with your VPN connected sites, do you have vpn clients connecting to those sites as well, if so do you have a router config example, all the examples I can find on CCO usually have site to site, or site to pc client config not both on the same router.

thanks

RB

Richard Burts · ‎08-02-2004

Richard

I do not have a sample config with both clients and site to site on the same router. In this customer environment we do site to site terminated on routers and we do PC client termination on a VPN concentrator. This makes it easier to PC clients to get to anywhere they want and helps get around the restriction of going back out the same interface as the traffic entered on.

HTH

Rick

HTH

Rick

rbradfield · ‎08-03-2004

OK,

Will most probably go down the that track, just wanted to get something going in the short term.