06-05-2006 04:23 AM
I have a question regarding the PIX.
My customer has a VPN tunnel with another country. The users who use VPN Client authenticate against a RADIUS server that sits inside this tunnel. When the VPN Client users try to reach this server, the PIX does not route the traffic into this tunnel, so the VPN Client users are not able to authenticate.
Does anybody have an idea of how to carry out this configuration?
Regards,
Thiago
06-05-2006 09:52 AM
Hello,
Do you mean that you have VPN clients terminating into the PIX which get authenticated to a RADIUS server which is in an L2L tunnel terminating to the same PIX?
If this is the setup, then I would say that you can't make this happen because it will be U-turning the traffic on the PIX, assuming you have only one public interface. In case you have 2 public interfaces, you can keep your VPN clients on the outside and you can terminate your L2L with RADIUS on the third interface. That way it is possible. Now you need to dig through the command ref to find the command which is needed to source the auth packet from an interface; source it from inside. There is a command in aaa config which can do this for you (I forgot). You can also look at the management access inside command in the PIX.
Vikas
06-05-2006 11:32 AM
Hi, I think I have read on this forum a previous post mentioning that version 6.3.5 does support U-turn. You might want to double check this, as that could be your issue.