08-06-2002 10:54 AM - edited 02-21-2020 11:59 AM
I have a PIX to VPN client configured. The PIX has multiple DMZs; the problem is that my client cannot access all DMZs. I can access the inside network no problem, but when I try to ping a device directly connected to another interface I don't receive a response. When I debug on the PIX, I see the request and a reply, but my computer with the client doesn't get a response. My access-list is getting hit, so I know that the traffic is seen as being interesting.
08-06-2002 11:31 AM
You may want to read this conversation "SPLIT-TUNNEL". You should be able to ping the host on the dmz but you will not be able to establish a TCP/UDP connection. This is so because the PIX does not support asymmetric routing. Everything will work fine with the inside interface.
08-06-2002 02:10 PM
I have found a way to make this work but have not been able to test other than ping. The solution I used is to add the following command to a router that is in my inside network: "route (inside) client network, routers interface". This seems to work. Give it a try and let me know.
08-07-2002 05:02 AM
Pinging the host on the "dmz" is not a problem. Like I said before, you will only be able to ping but not be able to establish any TCP/UDP connection.