Two remote sites can not talk to each other

Jul 28th, 2008

Hi friends,


Two VPN tunnels connect two remote sites to head office, and both of them are working fine. But the two remote sites cannot talk to each other. Any ideas or solutions for this? Thanks.


Here is the equipment and the versions:


Head office: PIX515E 6.3

Remote site1: PIX501 6.3

Remote site2: Router 2800 12.4

Marwan ALshawi Mon, 07/28/2008 - 18:15

Have you checked your NAT exemption?

You need to add an additional ACL to the NAT exemption and also ACLs for interesting traffic that should be sourced from one remote to another remote on the HQ device.

The following link will be very helpful in your case:


http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807f9a89.shtml


good luck


rate if helpful

xzjleo2005 Mon, 07/28/2008 - 20:13

Looks like it can not be done on 6.3 version. Anyway, thanks for your reply.

Marwan ALshawi Mon, 07/28/2008 - 20:43

It should be possible.

Also, there is another way to achieve it:

by using Easy VPN client and server.

Make both spokes clients with RRI and the hub the server.


By the way, you need to issue the following command to allow the communication between spokes through the hub:


same-security-traffic permit intra-interface

command in the global configuration mode

HTH

xzjleo2005 Mon, 07/28/2008 - 20:47

The version on my PIX is 6.3 which does not support the commands you mentioned. So maybe I need to upgrade to 7.x
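
The hub-side changes discussed in the replies above, as an added configuration sketch that is not part of the original thread and is not taken from the linked Cisco document. It assumes PIX/ASA 7.x syntax on the head office device; every subnet, ACL name and crypto map name is constructed for illustration.

```cisco
! Head office (hub), PIX/ASA 7.x syntax.
! Constructed addressing (assumptions, not from the thread):
!   HQ LAN      10.0.0.0/24
!   Site 1 LAN  10.1.1.0/24
!   Site 2 LAN  10.2.2.0/24

! Allow traffic that enters the outside interface through one tunnel
! to leave the same interface through the other tunnel.
same-security-traffic permit intra-interface

! Interesting traffic for the tunnel to site 1:
! HQ -> site 1, plus site 2 -> site 1 relayed through the hub.
access-list CRYPTO_SITE1 extended permit ip 10.0.0.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list CRYPTO_SITE1 extended permit ip 10.2.2.0 255.255.255.0 10.1.1.0 255.255.255.0

! Interesting traffic for the tunnel to site 2:
! HQ -> site 2, plus site 1 -> site 2 relayed through the hub.
access-list CRYPTO_SITE2 extended permit ip 10.0.0.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list CRYPTO_SITE2 extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0

! NAT exemption for HQ LAN traffic going into either tunnel.
access-list NONAT extended permit ip 10.0.0.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list NONAT extended permit ip 10.0.0.0 255.255.255.0 10.2.2.0 255.255.255.0
nat (inside) 0 access-list NONAT

! Bind each crypto ACL to its existing peer entry
! (OUTSIDE_MAP and the sequence numbers are placeholders).
crypto map OUTSIDE_MAP 10 match address CRYPTO_SITE1
crypto map OUTSIDE_MAP 20 match address CRYPTO_SITE2

! On each spoke, the crypto ACL and the NAT exemption ACL need the
! mirror-image entries: local LAN -> HQ LAN and local LAN -> other spoke LAN.
```

The crypto ACLs on the hub and on each spoke must be exact mirrors of each other; a spoke-to-spoke entry present on only one end of a tunnel leaves that traffic without a matching security association.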
