07-28-2008 05:07 PM
Hi friends,
Two VPN tunnels connect two remote sites to head office, and both of them are working fine. But the two remote sites cannot talk to each other. Any ideas or solutions for this? Thanks.
Here is the equipment and the versions:
Head office: PIX515E 6.3
Remote site1: PIX501 6.3
Remote site2: Router 2800 12.4
07-28-2008 06:15 PM
Have you checked your NAT exemption?
You need to add an additional ACL to the NAT exemption, and also ACLs for interesting traffic that should be sourced from one remote to another remote, on the HQ device.
The following link will be very helpful for your case:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807f9a89.shtml
Good luck.
Rate if helpful.
07-28-2008 08:13 PM
Looks like it cannot be done on version 6.3. Anyway, thanks for your reply.
07-28-2008 08:43 PM
It should be possible.
Also, there is another way to achieve it,
by using Easy VPN client and server:
make both spokes clients with RRI and the hub the server.
By the way, you need to issue the following command to allow the communication between spokes through the hub:
same-security-traffic intra-interface
command in the global configuration mode.
HTH
07-28-2008 08:47 PM
The version on my PIX is 6.3, which does not support the commands you mentioned. So maybe I need to upgrade to 7.x.
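Added example, not part of the thread and not Cisco code: a small Python check of the interesting-traffic ACLs that the 06:15 PM reply says must exist before one remote site can reach the other through the hub. The subnets, device names and the (source, destination) ACL model are assumptions made for illustration; it models matching only, not PIX or IOS syntax, and says nothing about which software version supports hairpinning.

```python
import ipaddress as ip

# Constructed addressing for illustration; the thread gives no subnets.
NETS = {name: ip.ip_network(cidr) for name, cidr in {
    "hq": "10.0.0.0/24", "site1": "10.1.0.0/24", "site2": "10.2.0.0/24"}.items()}
SPOKES = ["site1", "site2"]

def permits(acl, src, dst):
    """True if a single (src_net, dst_net) entry covers the whole flow."""
    return any(src.subnet_of(s) and dst.subnet_of(d) for s, d in acl)

def required(spokes):
    """Yield ((device, peer), (src, dst)) needed for spoke-to-spoke via the hub."""
    for a in spokes:
        for b in spokes:
            if a != b:
                flow = (NETS[a], NETS[b])
                yield (a, "hq"), flow   # spoke a sends a->b into its hub tunnel
                yield ("hq", b), flow   # hub forwards a->b into the tunnel to b

def missing(acls, spokes=SPOKES):
    """Return (device, peer, src, dst) tuples that no ACL entry covers."""
    return [(dev, peer, str(src), str(dst))
            for (dev, peer), (src, dst) in required(spokes)
            if not permits(acls.get((dev, peer), []), src, dst)]

def add_hairpin(acls, spokes=SPOKES):
    """Return a copy of acls with exactly the missing subnet pairs appended."""
    fixed = {key: list(entries) for key, entries in acls.items()}
    for dev, peer, src, dst in missing(acls, spokes):
        fixed.setdefault((dev, peer), []).append(
            (ip.ip_network(src), ip.ip_network(dst)))
    return fixed

# Plain hub-and-spoke: every tunnel matches only HQ <-> spoke traffic.
BEFORE = {}
for s in SPOKES:
    BEFORE[("hq", s)] = [(NETS["hq"], NETS[s])]
    BEFORE[(s, "hq")] = [(NETS[s], NETS["hq"])]

if __name__ == "__main__":
    for gap in missing(BEFORE):
        print("missing on %s (tunnel to %s): permit ip %s %s" % gap)
    print("gaps after fix:", missing(add_hairpin(BEFORE)))
```

Because `add_hairpin` appends only the specific subnet pairs that were missing, the tunnels carry the new spoke-to-spoke flows without being widened to broader ranges.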