PIX1 -> PIX2 -> PIX3 - PIX1 can't see PIX3 internal network.

Unanswered Question
Nov 25th, 2007

I have 3 PIX 515E running 7.2(3)

PIX1 can see PIX2 inside networks

PIX2 can see PIX1 and PIX3 inside networks

PIX3 can see PIX2 inside networks

PIX1 192.168.2.0/24

PIX2 192.168.104.0/24

PIX3 134.71.123.112/28

(I was not here for this numbering)

All running IPSec VPN between them. My guess is once this is figured out I should be able to figure out how to also connect Cisco VPN 3 clients to PIX2 to see all networks if not able to connect Cisco VPN 3 clients to PIX1 and PIX3 and see all networks as well.


Hello.

You should be able to quite easily add IPSEC client functionality to each of the PIXes,

as long as each PIX has its NAT 0 rules and ACLs for crypto updated to reflect connectivity for each other subnet.

You will need to apply the global command

same-security-traffic permit intra-interface

to allow traffic to "hairpin", i.e. enter and exit the same interface.

You need to make these changes on each firewall.
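The three pieces the reply names (hairpinning, NAT 0 exemption, crypto ACLs that carry the other spoke's subnet), shown as an added PIX 7.2 configuration example for the hub PIX2 and the spoke PIX1; this is not configuration from the original thread. The peer addresses, the ACL and crypto map names, and the transform-set ESP-AES-SHA are assumptions, and ISAKMP policy and tunnel-group settings are left out because the thread does not discuss them.

```cisco
! --- Hub (PIX2), 7.2(3) ---
! Let traffic that arrives on outside from one tunnel leave on the same
! outside interface into the other tunnel (spoke-to-spoke via hub).
same-security-traffic permit intra-interface
!
! NAT exemption for the hub's own subnet toward both spokes.
access-list NONAT extended permit ip 192.168.104.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list NONAT extended permit ip 192.168.104.0 255.255.255.0 134.71.123.112 255.255.255.240
nat (inside) 0 access-list NONAT
! Spoke-to-spoke traffic enters and leaves on outside, so exempt it there too
! (assumption: only required when nat-control is enabled on this PIX).
access-list OUTSIDE_NONAT extended permit ip 192.168.2.0 255.255.255.0 134.71.123.112 255.255.255.240
access-list OUTSIDE_NONAT extended permit ip 134.71.123.112 255.255.255.240 192.168.2.0 255.255.255.0
nat (outside) 0 access-list OUTSIDE_NONAT
!
! Crypto ACL for the tunnel to PIX1: hub subnet AND PIX3's subnet toward PIX1.
access-list TO_PIX1 extended permit ip 192.168.104.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list TO_PIX1 extended permit ip 134.71.123.112 255.255.255.240 192.168.2.0 255.255.255.0
! Crypto ACL for the tunnel to PIX3: hub subnet AND PIX1's subnet toward PIX3.
access-list TO_PIX3 extended permit ip 192.168.104.0 255.255.255.0 134.71.123.112 255.255.255.240
access-list TO_PIX3 extended permit ip 192.168.2.0 255.255.255.0 134.71.123.112 255.255.255.240
crypto map VPNMAP 10 match address TO_PIX1
crypto map VPNMAP 10 set peer <PIX1_OUTSIDE_IP>
crypto map VPNMAP 10 set transform-set ESP-AES-SHA
crypto map VPNMAP 20 match address TO_PIX3
crypto map VPNMAP 20 set peer <PIX3_OUTSIDE_IP>
crypto map VPNMAP 20 set transform-set ESP-AES-SHA
crypto map VPNMAP interface outside
!
! --- Spoke (PIX1) --- the mirror image: its crypto ACL and NAT exemption
! must list PIX3's subnet as a destination, otherwise the hub's proxy
! identities do not match and no SA for the PIX1<->PIX3 pair is ever built.
access-list NONAT extended permit ip 192.168.2.0 255.255.255.0 192.168.104.0 255.255.255.0
access-list NONAT extended permit ip 192.168.2.0 255.255.255.0 134.71.123.112 255.255.255.240
nat (inside) 0 access-list NONAT
access-list TO_HUB extended permit ip 192.168.2.0 255.255.255.0 192.168.104.0 255.255.255.0
access-list TO_HUB extended permit ip 192.168.2.0 255.255.255.0 134.71.123.112 255.255.255.240
crypto map VPNMAP 10 match address TO_HUB
crypto map VPNMAP 10 set peer <PIX2_OUTSIDE_IP>
crypto map VPNMAP 10 set transform-set ESP-AES-SHA
crypto map VPNMAP interface outside
! PIX3 is configured the same way with 192.168.2.0/24 and 134.71.123.112/28 swapped.
```

After applying this, a ping from 192.168.2.0/24 to 134.71.123.112/28 should create a second IPsec SA pair on the hub for that subnet pair; check with show crypto ipsec sa on PIX2.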
