Routing VPN client traffic back to IPSec tunnel on PIX

Mar 23rd, 2008

Hi Everyone,

Need to confirm this issue.

I have a PIX515E with version 6.3(4).

We have configured this PIX as a VPN gateway and also for LAN-to-LAN VPN.

The issue here is that the VPN client subnet needs to talk to the subnet over the IPSec tunnel as well, which I believe is not possible since they both route in/out of the outside interface of the firewall.

Is my assumption correct? Thanks in advance.

Jay Johnston Mon, 03/24/2008 - 11:27

In versions less than version 7, the PIX cannot route traffic out the same interface it was received on. Starting in version 7, this can be achieved with the command

'same-security-traffic permit intra-interface'

So unfortunately what you want to do won't work with 6.3(4).
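A configuration sketch of the version 7 approach the reply describes, added here as an example and not taken from either poster's device. The ACL names and all subnets (client pool 10.10.10.0/24, local LAN 192.168.1.0/24, remote LAN 192.168.2.0/24) are constructed placeholders.

```cisco
! Constructed example for PIX/ASA software 7.x or later.
! All ACL names and addresses below are placeholders, not values from the thread.

! Allow traffic to enter and leave the same interface (here: outside),
! so decrypted VPN client traffic can be re-encrypted into the LAN-to-LAN tunnel.
same-security-traffic permit intra-interface

! Crypto ACL for the LAN-to-LAN tunnel: the VPN client pool must be listed
! as a source next to the local LAN, otherwise client traffic is not
! selected for the tunnel.
access-list L2L_CRYPTO extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list L2L_CRYPTO extended permit ip 10.10.10.0 255.255.255.0 192.168.2.0 255.255.255.0

! If the remote-access group uses split tunneling, the remote LAN must be
! in the split-tunnel list so clients send that traffic into their tunnel.
access-list SPLIT_TUNNEL standard permit 192.168.1.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 192.168.2.0 255.255.255.0
```

The peer at the other end of the LAN-to-LAN tunnel needs the mirror-image crypto ACL entry for the client pool, or the proxy identities will not match and the client traffic will not pass.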

