
Remote Users & Site-to-Site VPN

mcsfirewall
Level 1

Hey everyone,

Here's my question:

We have all remote VPN users log into our resident firewall here at the corporate office. The internal addresses here are 192.168.1.xxx. We have a site-to-site VPN setup on the same firewall to a remote office. The internal addresses in the remote office are 192.168.2.xxx. All remote clients logging into the VPN receive a 172.16.1.xxx address.

The remote users are unable to access any resources on the 192.168.2.xxx network (the remote office). They can access the 192.168.1.xxx network perfectly.

How can I give the remote users (172.16.1.xxx) access to the remote office (192.168.2.xxx) resources? Can it even be done?

Thanks!

4 Replies

mostiguy
Level 6

Are you using a PIX? What version? Only PIX OS 7.0, which runs on 515, 525 and 535 pixen, supports such configurations. PIX OS 7.1 will support 501 and 506 pixen, but is not yet out.

Yes, we are using a PIX 515e on both ends of the site-to-site connection. Sorry I didn't list that in the original post.

Thanks

If your PIX is under a support contract, then, provided you also buy the RAM upgrade for it, you can upgrade it to 7.0 to support such a config.

Hi

I encountered the same problem.

I solved it in a different way.

The problem is that no traffic is permitted between the same security level interfaces.

So I made a side step.

I configured VLANs in a DMZ interface with a different outside IP address.

I connect the site-to-site VPNs on that interface, and the remote clients on the other interface.

Then it is possible to configure ACLs between those interfaces, and that solves the problem.

So I did not need to upgrade to version 7.0.

Greetings, Marc
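
As an added example (not written by any poster in this thread and not Cisco's own sample), the PIX OS 7.0 route mentioned in the replies could look like this on the corporate PIX and the remote-office PIX. The subnets are the ones from the question; the ACL names and the /24 masks are assumptions.

```cisco
! Added example. ACL names (S2S_CRYPTO, NONAT) are hypothetical and the /24
! masks are assumed from the 192.168.1.xxx / 192.168.2.xxx / 172.16.1.xxx
! ranges in the question. Match the names to the existing crypto map entries.
!
! --- Corporate PIX 515E (PIX OS 7.0), terminates both VPNs on outside ---
! Let IPsec traffic enter and leave on the same interface (hairpin).
same-security-traffic permit intra-interface
! Existing LAN-to-LAN entry, plus the client pool toward the remote office.
access-list S2S_CRYPTO extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list S2S_CRYPTO extended permit ip 172.16.1.0 255.255.255.0 192.168.2.0 255.255.255.0
!
! --- Remote-office PIX 515E ---
! The crypto ACL must mirror the corporate side, or no SA is negotiated
! for the client pool.
access-list S2S_CRYPTO permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list S2S_CRYPTO permit ip 192.168.2.0 255.255.255.0 172.16.1.0 255.255.255.0
! Exempt replies to the client pool from NAT (assumes the remote office
! NATs its inside hosts toward the Internet).
access-list NONAT permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list NONAT permit ip 192.168.2.0 255.255.255.0 172.16.1.0 255.255.255.0
nat (inside) 0 access-list NONAT
```

If the remote-access group uses split tunneling, 192.168.2.0/24 also has to be in the split-tunnel list, otherwise the clients never send that traffic into the tunnel. Keep the added entries limited to the client pool and the one remote subnet so the hairpin opens no more than the question asks for.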