
VPN connectivity to branch offices

mitchen
Level 2

Remote User -- VPN Connection -- Head Office PIX -- Cisco router -- Head Office LAN

The PIX is running 6.3(3).

The Cisco router also has several leased line (serial) connections to branch offices.

Remote users can establish VPN connections, terminating on our head office PIX, and connect to resources on our head office LAN. However, they are unable to access any subnets other than our main office subnet - for example, we have a number of branch offices connected by leased lines, yet they are unable to access these locations.

If you are connected on our head office LAN, you have connectivity with everywhere - remote users connected over VPN and the branch offices connected by leased line.

I set up a capture on the PIX and when I try to ping from one of the branch offices connected by leased line to a remote user connected over VPN then I can see the echo requests coming in but no responses back from the remote user.

(A ping from the Head office LAN to the remote user is successful though so I don't think it's the case that the remote user is blocking ping)

Any suggestions on how I can establish connectivity between the remote users and the branch offices connected by leased line?

3 Replies

m.sir
Level 7

We are using a similar scenario without problems... What is the split tunnel for VPN clients? Did you permit all the branch IPs in the split tunnel?

It could also be a routing issue. Are you able to ping from the PIX to the branch IPs?

M.

Hi.

Thanks for the suggestions.

I have all the branch office subnets configured in the split-tunnel access-list.

Yes, I am able to ping from the PIX to the branch office IP addresses.

I perhaps should have mentioned - this is only affecting remote users connecting from home using the Cisco VPN client. So is there something special that I need to consider in this case?

(For example, we have a few ADSL connected sites which have IPSEC VPN tunnels terminating on the Head Office PIX too - but they have no issues with establishing connectivity with the branch offices connected over leased lines)

I'm sure there is probably something simple I have overlooked but just can't think what it is!

Any more suggestions/advice?

Thanks.

PROBLEM RESOLVED!!!!

Please ignore this question! Turns out it worked all along - the problem was with the particular remote user rather than my set-up!

Tried it out with another user and it worked fine!