06-07-2004 07:39 PM
I'm a remote VPN user connecting to a PIX A firewall VPN server. My PIX A is doing VPN tunnel to tunnel to PIX B, which my main email server is sitting behind. My question is: can I access my email server through the remote VPN connection to PIX A and tunneling to PIX B, as I don't have PIX B configured to accept remote VPN access? Or advise on any other Cisco device which can do it.
06-09-2004 05:57 AM
No, you will not be able to do this using a PIX. PIX will not allow the same packet to enter and then leave by the same interface. However, a router will allow this when configured for VPN access.
So, either set up PIX B as a VPN server, or swap PIX A for a router with VPN and firewall support. My preference would be to retain the PIXes as I consider them to be more secure than the router option.
06-09-2004 07:22 AM
Thanks. How about replacing PIX A with a VPN concentrator as a termination point? Can the VPN concentrator etc 3020 do the job?
06-13-2004 11:48 PM
Yes, replacing the PIX with a concentrator will definitely work, or have a perimeter router in front of the B PIX and this will work as well. PIX will not allow you traffic two ways on one interface.
10-26-2024 11:16 PM
Enable Traffic Forwarding on PIX A: Configure PIX A to allow traffic from the remote VPN users to be forwarded through the VPN tunnel to PIX B. This often involves creating an access list on PIX A to permit traffic from the VPN pool towards the IP range of devices behind PIX B.
Configure NAT Exemptions: Ensure that traffic between the remote VPN users and resources on PIX B is exempt from NAT if necessary. This is done by setting up NAT exemption rules for VPN traffic.
Check Security Policies and Routing: Ensure that both firewalls have proper security policies and routing in place. PIX B should have routes that direct return traffic for remote users back to PIX A through the tunnel.
10-26-2024 11:32 PM
Yes, you can access your email server behind PIX B through your remote VPN connection to PIX A, as long as PIX A is configured to route traffic through the tunnel to PIX B. Here’s how to make it work:
Configure Split Tunneling: Ensure PIX A’s VPN setup allows split tunneling so that traffic destined for the network behind PIX B routes through the VPN tunnel.
Set Up Routing on PIX A: On PIX A, configure a route to send traffic destined for the email server’s network (behind PIX B) through the existing tunnel to PIX B.
Access Control: Ensure that appropriate access lists on PIX A and PIX B allow VPN traffic between the remote client and the email server’s IP range.