PIX1 -> PIX2 -> PIX3 - PIX1 can't see PIX3 internal network

Nov 25th, 2007

I have 3 PIX 515E running 7.2(3)

PIX1 can see PIX2 inside networks

PIX2 can see PIX1 and PIX3 inside networks

PIX3 can see PIX2 inside networks




(I was not here for this numbering)

All running IPSec VPN between them. My guess is once this is figured out I should be able to figure out how to also connect Cisco VPN 3 clients to PIX2 to see all networks if not able to connect Cisco VPN 3 clients to PIX1 and PIX3 and see all networks as well.



You should be able to quite easily add IPsec client functionality to each of the PIXes, as long as each PIX has its NAT 0 rules and ACLs for crypto updated to reflect connectivity for each other subnet.

You will need to apply the global command

same-security-traffic permit intra-interface

to allow traffic to "hairpin", or enter and exit the same interface.

You need to make these changes on each firewall.
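
The changes described in the reply above, written out as an added example for PIX 7.2 (not configuration posted in the thread). The inside subnets 10.1.0.0/24 (PIX1), 10.2.0.0/24 (PIX2) and 10.3.0.0/24 (PIX3), the ACL names and the crypto map name and sequence numbers are all assumptions; the existing tunnels (peers, transform sets, tunnel groups) are assumed to be in place already.

```cisco
! ===== PIX2 (hub) - all names and subnets below are hypothetical =====
! Let traffic arriving in one tunnel leave through the other tunnel on the
! same (outside) interface. The reply says to apply this on each firewall.
same-security-traffic permit intra-interface

! Crypto ACL towards PIX1: local inside net PLUS the PIX3 net relayed via the hub
access-list VPN_TO_PIX1 extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list VPN_TO_PIX1 extended permit ip 10.3.0.0 255.255.255.0 10.1.0.0 255.255.255.0

! Crypto ACL towards PIX3: local inside net PLUS the PIX1 net relayed via the hub
access-list VPN_TO_PIX3 extended permit ip 10.2.0.0 255.255.255.0 10.3.0.0 255.255.255.0
access-list VPN_TO_PIX3 extended permit ip 10.1.0.0 255.255.255.0 10.3.0.0 255.255.255.0

! NAT exemption for the hub's own inside hosts talking to either spoke
access-list NONAT extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
access-list NONAT extended permit ip 10.2.0.0 255.255.255.0 10.3.0.0 255.255.255.0
nat (inside) 0 access-list NONAT

crypto map OUTSIDE_MAP 10 match address VPN_TO_PIX1
crypto map OUTSIDE_MAP 20 match address VPN_TO_PIX3

! ===== PIX1 (spoke) - PIX3 is the same with the 10.1 and 10.3 nets swapped =====
same-security-traffic permit intra-interface

! Crypto ACL towards PIX2 must mirror VPN_TO_PIX1 on the hub, entry for entry;
! the second line is what lets PIX1 reach the PIX3 inside network.
access-list VPN_TO_PIX2 extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list VPN_TO_PIX2 extended permit ip 10.1.0.0 255.255.255.0 10.3.0.0 255.255.255.0

! NAT exemption has to cover the far spoke as well as the hub
access-list NONAT extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list NONAT extended permit ip 10.1.0.0 255.255.255.0 10.3.0.0 255.255.255.0
nat (inside) 0 access-list NONAT

crypto map OUTSIDE_MAP 10 match address VPN_TO_PIX2
```

Each crypto ACL entry on one side needs an exact mirror on the peer; a mismatch leaves the tunnel up for the original subnets while the new spoke-to-spoke traffic fails to negotiate.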

