Routing to remote site network

Unanswered Question
Nov 13th, 2007
User Badges:

Hi, I have a question about routing, or maybe lack of it in following environment.

2 sites each with a PX 515, neither have internal routers.

SiteA network address

SiteB network address

both sites are conencted by a site to site VPN tunnel, allowing users in either site to use resources etc on the other site.

User can connect to siteA remotely using Cisco VPN software, authenticate and be assigned IP address in range to, DNS and default gateway assigned the same as those on internal network. eg DNS= and gateway is In both cases the default gateway is the internal IP address of the PIX.

This is fine provided the user only needs access to resources inside the network of SiteA. They cannot connect to SiteB at all, cannot ping as it returns Request timed out.

Is there anyhting that can be done to allow access to SiteB for those remote connecting with VPN client?

Is there a requirement for a router to be introduced?

Thanks in advance for any sugges

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Edison Ortiz Tue, 11/13/2007 - 13:59
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

> Is there a requirement for a router to be introduced?

Yes, as the PIX is not a router. It only forwards packets from one interface to another, it does not redirect traffic back to the same interface it came from.

When you client vpn into the PIX, you are entering via the public interface and that interface is the same one being used for the SiteB connection.

You need a router to make this work.

Collin Clark Tue, 11/13/2007 - 13:59
User Badges:
  • Purple, 4500 points or more

You should be able to add the SiteB address space as part of the remote access no NAT and interesting VPN traffic (on the SiteA PIX). You will also need to add your remote access network [] to SiteB PIX's routing.

HTH and please rate.


This Discussion