11-25-2007 09:56 PM - edited 03-11-2019 04:35 AM
I have 3 PIX 515E running 7.2(3)
PIX1 can see PIX2 inside networks
PIX2 can see PIX1 and PIX3 inside networks
PIX3 can see PIX2 inside networks
PIX1 192.168.2.0/24
PIX2 192.168.104.0/24
PIX3 134.71.123.112/28
(I was not here for this numbering)
All running IPSec VPN between them. My guess is once this is figured out I should be able to figure out how to also connect Cisco VPN 3 clients to PIX2 to see all networks if not able to connect Cisco VPN 3 clients to PIX1 and PIX3 and see all networks as well.
11-26-2007 01:57 AM
Do you have a network diagram for this one?
-John
11-26-2007 07:56 PM
Hello.
You should be able to quite easily add IPsec client functionality to each of the PIXes,
as long as each PIX has its NAT 0 rules and crypto ACLs updated to reflect connectivity for each other subnet.
You will need to apply the global command
same-security-traffic permit intra-interface
to allow traffic to "hairpin", or enter and exit the same interface.
You need to make these changes on each firewall.
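The changes described in the reply above, sketched for the three subnets given in the question. This is an added example, not configuration posted by anyone in the thread; the ACL names (VPN_TO_PIX1, VPN_TO_PIX2, VPN_TO_PIX3, NONAT) are hypothetical and are assumed to be the ACLs your existing crypto map entries reference with "match address" and your existing "nat (inside) 0" rule uses.

```cisco
! ---------- PIX2 (hub, inside 192.168.104.0/24) ----------
! Let spoke-to-spoke traffic enter and leave the same (outside) interface
same-security-traffic permit intra-interface

! Tunnel to PIX1: hub LAN plus PIX3's LAN toward PIX1's LAN
access-list VPN_TO_PIX1 extended permit ip 192.168.104.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list VPN_TO_PIX1 extended permit ip 134.71.123.112 255.255.255.240 192.168.2.0 255.255.255.0

! Tunnel to PIX3: hub LAN plus PIX1's LAN toward PIX3's LAN
access-list VPN_TO_PIX3 extended permit ip 192.168.104.0 255.255.255.0 134.71.123.112 255.255.255.240
access-list VPN_TO_PIX3 extended permit ip 192.168.2.0 255.255.255.0 134.71.123.112 255.255.255.240

! ---------- PIX1 (spoke, inside 192.168.2.0/24) ----------
same-security-traffic permit intra-interface

! Single tunnel to PIX2 now also carries traffic for PIX3's LAN
access-list VPN_TO_PIX2 extended permit ip 192.168.2.0 255.255.255.0 192.168.104.0 255.255.255.0
access-list VPN_TO_PIX2 extended permit ip 192.168.2.0 255.255.255.0 134.71.123.112 255.255.255.240

! Exempt the same flows from NAT
access-list NONAT extended permit ip 192.168.2.0 255.255.255.0 192.168.104.0 255.255.255.0
access-list NONAT extended permit ip 192.168.2.0 255.255.255.0 134.71.123.112 255.255.255.240
nat (inside) 0 access-list NONAT

! ---------- PIX3 (spoke, inside 134.71.123.112/28) ----------
same-security-traffic permit intra-interface

! Single tunnel to PIX2 now also carries traffic for PIX1's LAN
access-list VPN_TO_PIX2 extended permit ip 134.71.123.112 255.255.255.240 192.168.104.0 255.255.255.0
access-list VPN_TO_PIX2 extended permit ip 134.71.123.112 255.255.255.240 192.168.2.0 255.255.255.0

! Exempt the same flows from NAT
access-list NONAT extended permit ip 134.71.123.112 255.255.255.240 192.168.104.0 255.255.255.0
access-list NONAT extended permit ip 134.71.123.112 255.255.255.240 192.168.2.0 255.255.255.0
nat (inside) 0 access-list NONAT
```

Each crypto ACL line on one peer needs a mirror-image line (source and destination swapped) on the other peer. Keeping the entries scoped to these three subnets, rather than "any", limits what the hairpin on PIX2 will relay between sites.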