PC1 PC2

| |

------LAN1--- --LAN2-----

| |

|[10.16.1.1/24] |[10.16.2.1/24]

PIX515E-1 PIX515E-2

|[122.1.1.2/30] |[122.1.2.2/30]

| |

-----------Internet-(VPN)------

|

|[122.1.3.2/30]

PIX515E-3

|[10.16.3.1/24]

|

-------LAN3-------------------

| |

PC3 |[10.16.3.99]

DMZ----- Firewall (HQ office)

|[?.?.?.?]

|

-----------Internet----------

I am trying to connect VPN on PIX515Es(ver.6.3).

I could connect VPN for PC1, PC2, PC3 each other,

but not connect PC1,PC2 -> PIX515E-1 -> PIX515E-3 -> Firewall -> Internet.

(I can connect PC3 -> Firewall -> Internet.)

I want to know how to configure PIX515Es.

PIX515E-3 CONFIGURATION

PIX Version 6.3(5)

access-list nat0_acl permit ip 10.16.3.0 255.255.255.0 10.16.1.0 255.255.255.0

access-list nat0_acl permit ip 10.16.3.0 255.255.255.0 10.16.2.0 255.255.255.0

access-list crypt_10 permit ip 10.16.3.0 255.255.255.0 10.16.1.0 255.255.255.0

access-list crypt_20 permit ip 10.16.3.0 255.255.255.0 10.16.2.0 255.255.255.0

nat (inside) 0 access-list nat0_acl

nat (inside) 0 0.0.0.0 0.0.0.0 0 0

route outside 0.0.0.0 0.0.x.x.1.3.1 1

sysopt connection permit-ipsec

crypto map outside_map 10 ipsec-isakmp

crypto map outside_map 10 match address crypt_10

crypto map outside_map 10 set pfs group5

crypto map outside_map 10 set peer 122.1.1.2

crypto map outside_map 10 set transform-set ESP-AES-128-SHA

crypto map outside_map 20 ipsec-isakmp

crypto map outside_map 20 match address crypt_20

crypto map outside_map 20 set pfs group5

crypto map outside_map 20 set peer 122.1.2.2

crypto map outside_map 20 set transform-set ESP-AES-128-SHA

crypto map outside_map interface outside

isakmp enable outside

: