07-06-2007 08:48 AM - edited 02-21-2020 03:08 PM
We have a remote access VPN and a site-to-site VPN. Both work fine except that clients of the remote access VPN cannot access hosts on the site-to-site VPN.
We are 10.5.5.0
Site-to-Site VPN goes to 10.2.2.0
Remote access clients can access anything on 10.5.5.0 but nothing on 10.2.2.0.
What needs to be done to allow this to happen?
07-06-2007 09:04 AM
Is this ASA/PIX 7?
You need to add the traffic between the LANs to the NAT exemption and crypto ACLs on the firewalls.
Headend Firewall
same-security-traffic permit intra-interface
access-list
Remote Firewall
access-list
access-list
Also, if you are split tunnelling you need to add the remote subnet to be tunneled.
Please rate helpful posts.
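An added example, not part of the original reply: one way the additions described above could look when the headend runs PIX/ASA 7.x. The /24 masks, the remote access pool 10.9.9.0/24, and the names S2S_CRYPTO, NONAT, SPLIT_TUNNEL and RA_POLICY are assumptions, not values from the thread.

```cisco
! ---- Headend firewall (assumed PIX/ASA 7.x, LAN 10.5.5.0/24) ----
! Allow VPN traffic to enter and leave the same (outside) interface.
same-security-traffic permit intra-interface

! Crypto ACL already used by the site-to-site crypto map (hypothetical name).
! Add the remote access pool so pool -> remote LAN traffic is encrypted.
access-list S2S_CRYPTO extended permit ip 10.9.9.0 255.255.255.0 10.2.2.0 255.255.255.0

! Only if split tunnelling is in use: tunnel the remote LAN as well.
access-list SPLIT_TUNNEL standard permit 10.5.5.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 10.2.2.0 255.255.255.0
group-policy RA_POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL

! ---- Remote firewall (LAN 10.2.2.0/24) ----
! Mirror image of the headend crypto ACL entry. The two peers must
! agree on the protected networks or the IPsec SA will not be built.
access-list S2S_CRYPTO extended permit ip 10.2.2.0 255.255.255.0 10.9.9.0 255.255.255.0

! Exempt return traffic to the pool from NAT.
access-list NONAT extended permit ip 10.2.2.0 255.255.255.0 10.9.9.0 255.255.255.0
nat (inside) 0 access-list NONAT
```

Keep the new entries scoped to the pool and the two LANs rather than `any`, so the hairpin path only carries the traffic it is meant to.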
07-06-2007 09:18 AM
BTW, realized I was using the wrong account.
Thank you!
PIX 506E (6.3) is local, PIX 515E (7.0) is remote.
I am getting "Command failed" when I attempt to execute:
same-security-traffic permit intra-interface
Thoughts?
07-06-2007 09:30 AM
Sorry, it won't work that way with PIX 6.
07-06-2007 09:33 AM
Is there another option besides using two different remote access VPNs for each client?
07-06-2007 09:42 AM
Not that I know of. The problem is version 6 will not let you U-turn traffic out the same interface it arrived on. It would work if the version 7 was headend and version 6 was at the remote site.
07-06-2007 11:17 AM
Is it possible to upgrade the v. 6 to v. 7?
07-06-2007 11:20 AM
The PIX 501, PIX 506/506E, and PIX 520 security appliances are not supported in software Version 7.0.
07-06-2007 09:44 AM
Hi
Do you have a router behind your PIX 506 or is it just a single subnet behind the PIX?
Jon
07-06-2007 11:16 AM
Just a single subnet behind the PIX.