PIX1 -> PIX2 -> PIX3 - PIX1 can't see PIX3 internal network

Unanswered Question
Nov 25th, 2007

I have 3 PIX 515Es running 7.2(3).


PIX1 can see PIX2 inside networks

PIX2 can see PIX1 and PIX3 inside networks

PIX3 can see PIX2 inside networks


PIX1 192.168.2.0/24

PIX2 192.168.104.0/24

PIX3 134.71.123.112/28

(I was not here for this numbering)


All are running IPsec VPNs between them. My guess is that once this is figured out, I should be able to figure out how to also connect Cisco VPN 3 clients to PIX2 and see all networks, if I am not able to connect Cisco VPN 3 clients to PIX1 and PIX3 and see all networks as well.


Hello.


You should be able to quite easily add IPsec client functionality to each of the PIXes,


as long as each PIX has its NAT 0 rules and crypto ACLs updated to reflect connectivity to each of the other subnets.


You will need to apply the global command "same-security-traffic permit intra-interface" to allow traffic to "hairpin", i.e. enter and exit the same interface.


You need to make these changes on each firewall.
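As an added illustration, not configuration from this thread, here is what the answer above amounts to on the hub (PIX2), using the three subnets from the question. Interface names ("inside"/"outside"), the peer addresses PIX1_OUTSIDE_IP / PIX3_OUTSIDE_IP and the pre-shared keys are placeholders; PIX1 and PIX3 need the mirror image (their crypto ACLs must list both the hub LAN and the other spoke's LAN as destinations).

```text
! Added example for the hub (PIX2) only; the spokes (PIX1, PIX3) need the mirror image.
! Assumptions (not from the thread): outside interface is "outside", inside is "inside",
! peer addresses PIX1_OUTSIDE_IP / PIX3_OUTSIDE_IP and the pre-shared keys are placeholders.

! Let traffic that arrives on "outside" from one tunnel leave on "outside" into the other tunnel
same-security-traffic permit intra-interface

! Networks: PIX1 192.168.2.0/24, PIX2 (hub) 192.168.104.0/24, PIX3 134.71.123.112/28
! NAT exemption: hub LAN and each spoke LAN to every other LAN must not be translated
access-list NONAT extended permit ip 192.168.104.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list NONAT extended permit ip 192.168.104.0 255.255.255.0 134.71.123.112 255.255.255.240
access-list NONAT extended permit ip 192.168.2.0 255.255.255.0 134.71.123.112 255.255.255.240
access-list NONAT extended permit ip 134.71.123.112 255.255.255.240 192.168.2.0 255.255.255.0
nat (inside) 0 access-list NONAT
nat (outside) 0 access-list NONAT

! Crypto ACL for the PIX1 tunnel: hub LAN and PIX3 LAN as sources, PIX1 LAN as destination
access-list VPN_TO_PIX1 extended permit ip 192.168.104.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list VPN_TO_PIX1 extended permit ip 134.71.123.112 255.255.255.240 192.168.2.0 255.255.255.0

! Crypto ACL for the PIX3 tunnel: hub LAN and PIX1 LAN as sources, PIX3 LAN as destination
access-list VPN_TO_PIX3 extended permit ip 192.168.104.0 255.255.255.0 134.71.123.112 255.255.255.240
access-list VPN_TO_PIX3 extended permit ip 192.168.2.0 255.255.255.0 134.71.123.112 255.255.255.240

crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE_MAP 10 match address VPN_TO_PIX1
crypto map OUTSIDE_MAP 10 set peer PIX1_OUTSIDE_IP
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES-SHA
crypto map OUTSIDE_MAP 20 match address VPN_TO_PIX3
crypto map OUTSIDE_MAP 20 set peer PIX3_OUTSIDE_IP
crypto map OUTSIDE_MAP 20 set transform-set ESP-AES-SHA
crypto map OUTSIDE_MAP interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
tunnel-group PIX1_OUTSIDE_IP type ipsec-l2l
tunnel-group PIX1_OUTSIDE_IP ipsec-attributes
 pre-shared-key PLACEHOLDER_KEY_1
tunnel-group PIX3_OUTSIDE_IP type ipsec-l2l
tunnel-group PIX3_OUTSIDE_IP ipsec-attributes
 pre-shared-key PLACEHOLDER_KEY_2
```

The spoke-to-spoke lines in the crypto ACLs are what make the hub negotiate SAs covering 192.168.2.0/24 <-> 134.71.123.112/28; without them (and without the intra-interface permit) PIX1 traffic for PIX3 is dropped at PIX2 even though both tunnels are up.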


