I'm in charge of two sites (two offices whose LANs are behind two Cisco firewalls respectively). Let's call my firewalls FW1 and FW2. I also have two Wi-Fi routers *outside* the firewalls.
I have to run a VPN client to connect to a remote site (our customer's network), which is also using a Cisco firewall, called FWR. The VPN connection can be established without problems. But my problem is that when the PC running the VPN client is behind FW1 or FW2, I can't access remote hosts (i.e. those behind FWR). By that I mean, e.g., a ping to remote hosts gets no reply (remote hosts ARE allowed to reply to ping).
However, if the PC is connected to the Wi-Fi routers or through a 56k modem dial-up, I can access remote hosts without problems. Here are the technical details.
Site 1 :
FW1 = Pix 515E ver 6.3(3)
LAN1 = 10.1.1.0/255.255.255.0
Site 2 :
FW2 = Pix 506E ver 6.3(3)
LAN2 = 172.16.0.0/255.255.0.0
Remote site :
FWR = no idea
VPN Pool = 10.20.23.48/255.255.255.240
At the beginning, I saw that my PC was assigned an IP address with a mask of 255.0.0.0. I thought that might be the cause of the problem, since their VPN pool address is 10.0.0.0 and that encompasses my LAN1's 10.1.1.0. I told the remote site's admin to force his firewall to assign the mask as 255.255.255.240. Now my PC has got this mask, but the problem isn't resolved. I've run out of ideas. Could someone shed some light on this matter?
I don't understand why I have no problem when the PC is outside the Cisco firewall but behind a Wi-Fi router. Is there something I could do to my firewalls, FW1 and FW2? Or is it something to do with the remote firewall FWR?