Routing between 2 VPN Tunnels

thlimatelsinc
Level 1

I have a doubt regarding the PIX.

My customer has a VPN tunnel with another country. The users who use the VPN Client authenticate against a RADIUS server that is located "inside" this tunnel. When the VPN Client users try to reach this server, the PIX does not route the traffic into this tunnel, so the VPN Client users are not able to authenticate.

Does anybody have an idea of how to carry out this configuration?

Regards,

Thiago

2 Replies

Vikas Saxena
Cisco Employee

Hello,

Do you mean that you have VPN clients terminating into the PIX which get authenticated to a RADIUS server which is in an L2L tunnel terminating to the same PIX?

If this is the setup, then I would say that you can't make this happen, because it will be U-turning the traffic on the PIX, assuming you have only one public interface. In case you have 2 public interfaces, you can keep your VPN clients on the outside and you can terminate your L2L with RADIUS on the third interface. That way it is possible. Now you need to dig through the command reference to find the command which is needed to source the auth packet from an interface; source it from inside. There is a command in the aaa config which can do this for you (I forgot). You can also look at the management access inside command in the PIX.

Vikas

Hi. I think I have read a previous post on this forum mentioning that version 6.3.5 does support U-turn. You might want to double-check this, as that could be your issue.