Two remote sites can not talk to each other

xzjleo2005 · ‎07-28-2008

Hi friends,

Two VPN tunnels connect two remote sites to head office, both of them are working fine. But the two remote sites can not talk to each other, any ideas or solutions for this? Thanks.

Here are the equipments and version:

Head office: PIX515E 6.3

Remote site1: PIX501 6.3

Remote site2: Router 2800 12.4

Marwan ALshawi · ‎07-28-2008

have you check your NAT exmption ?

you need to add additional ACL to the nat exmpt and aslo ACLs for interesting traffic that should be sourced from one remote to another remote on the HQ device

the following link will be so helpful to your case

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807f9a89.shtml

good luck

rate if helpful

xzjleo2005 · ‎07-28-2008

Looks like it can not be done on 6.3 version. Anyway, thanks for your reply.

Marwan ALshawi · ‎07-28-2008

it should be possiable

also there is an other way to achive it

by useing easy vpn client and server

make both spokes as clients with RRI and the hub as server

by the way you need to issue the following command to allow the comunication between spokes through the hub

same-security-traffic intra-interface

command in the global configuration mode

HTH

xzjleo2005 · ‎07-28-2008

The version on my PIX is 6.3 which does not support the commands you mentioned. So maybe I need to upgrade to 7.x