Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
550
Views
0
Helpful
7
Replies

How to permit multiple VPN clients to access each other while connected ..

okeblawi
Level 1
Level 1

‎03-16-2005 01:21 PM - edited ‎02-21-2020 01:40 PM

I have a 3005 and multiple VPN clients using 4.*+ software. Is it possible for the clients to ping/access the other clients computer while both are connected?

Can someone point me in the right direction?

Thanks, ~Mike

Labels:
0 Helpful
7 Replies 7

sachinraja
Level 9
Level 9

‎03-16-2005 11:52 PM

Hi Mike,

Yeah.. it is possible.. If the IPs of all the clients are in the same subnet, they will be able to ping each other.. make sure you dont enable firewall on the vpn clients.. when two clients are connected, they get IP addresses eg 10.0.0.1,10.0.0.2.. they are virtually on the same lan and can access each other..

this is considered a major security breach.. so, people normally enable firewalls and split tunnels to restrict access between the clients....

hope u got it..

Raj

0 Helpful

okeblawi
Level 1
Level 1
In response to sachinraja

‎03-17-2005 09:04 AM

Thanks Raj,

I 'thought' I had the firewalls off ... and everyone is indeed in the same subnet (network list)... I need to double (& triple) check my settings on the concentrator I guess ..

Thanks for your repsonse =)

~ Mike

0 Helpful

sachinraja
Level 9
Level 9
In response to okeblawi

‎03-17-2005 01:38 PM

Let us know Mike in case you have any problems... rate replies if useful !!!

0 Helpful

okeblawi
Level 1
Level 1
In response to sachinraja

‎03-17-2005 01:47 PM

I'm getting a little closer .....

The "public" filter on my public interface is causing the problem in my case. If I switch the filter on the pub. interface to the 'private' filter (ie any-in, any-out) everything works great. BUT .. if I create a new filter (even with any-in, any-out) .. it doesn't seem to work?

I must be missing something ...

Thanks .. ~Mike

0 Helpful

marcelo.zilio
Level 1
Level 1
In response to okeblawi

‎03-21-2005 11:32 AM

I got same problem in a PIX 506E. The clients 4.0.3 has the firewall off and they're in the same network, but I can't ping or access each other...

What else can I do?

thanks in advance

0 Helpful

Philip D'Ath
VIP Alumni
VIP Alumni

‎03-21-2005 03:30 PM

No, it is not possible.

0 Helpful

okeblawi
Level 1
Level 1
In response to Philip D'Ath

‎04-25-2005 12:39 PM

Update:

I was able to get this to work by moving the 3005's Public interface to the DMZ behind our PIX 515. (the 3005's public interface was directly on the Internet before). Then I assigned the "Private (default)" filter on the Public interface (making a new or duplicate filter doesn't work? .. has to be the "Private (default)" filter?).. I opened the appropriate ports on the PIX .. and it worked!

Not my ideal configuration .. but it works none the less.

~Mike

0 Helpful
Top