Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
453
Views
0
Helpful
2
Replies

VPN Client routing issue

rtober
Level 1
Level 1

‎10-04-2001 02:54 PM - edited ‎02-21-2020 11:26 AM

Network layout:

VPN 3030 in parallel with PIX 520 6.0(1)

3030 split into internal, public

PIX split into internal, dmz and public

3030 and PIX both connected on internal side to CAT 6506 with L3

Problem:

If I connect to the 3030 using a VPN client (3.0) from the outside and I assign a pool-address from the same subnet as the internal network, the client has no issues connecting to the internal or DMZ leg of the PIX. If I assign a pool-address using some other private subnet, the Client can browse the internal but not the DMZ.

I've added subnet route statements to the 6506 to forward the pool-address back to the 3030 and not out to the PIX (default gateway for the 6506) but it doesn't help with the DMZ access. Static translations across the DMZ don't work either.

Any suggestions?

Thanks,

Ryan

Labels:
0 Helpful
2 Replies 2

pbunchuk
Level 1
Level 1

‎10-05-2001 04:46 AM

Do you have nat and routes statements on the PIX for the private subnet?

0 Helpful

rtober
Level 1
Level 1
In response to pbunchuk

‎10-08-2001 10:33 AM

Well - thought that might be the issue but I can't even ping the inside interface of the PIX through the 6506 when using different subnets (other than internal address range). I can ping other internal IP addresses just not the PIX. I do have routing statements in the 6506 to forward all replies back to the Concentrator gateway.

I tried setting up static statements across the interfaces but it didn't seem to help.

Ryan

0 Helpful
Customers Also Viewed These Support Documents