PIX 515 Route from Client VPN to separate IPSEC VPN device?

Oct 1st, 2008

I cannot get this to work. We have a PIX 515 (6.3) that we use for remote user access and Internet access. We recently added a NetScreen 50 to the mix, which connects us to our partner company via IPSEC VPN. The inside interfaces of both devices are on the same subnet. The remote Cisco VPN users are on a different subnet. When remote users connect to our office via Cisco VPN client to the PIX, we cannot access the NetScreen inside interface or our partner company. Any tips, config examples? Thanks!

Marwan ALshawi Wed, 10/01/2008 - 18:41

Make sure you have NAT exemption applied properly on the PIX for the VPN client address pool.

On the NetScreen, make sure that it has a route to the VPN client address pool pointing to the inside PIX interface IP address.


On the PIX you need to add a route to the partner network that points to the NetScreen inside IP as well.

On the NetScreen you need to include the client VPN address pool in the IPsec interesting traffic.

I have no experience with NetScreen, but the above needs to be done to get your network operational.

good luck


if helpful Rate

dkraut Thu, 10/02/2008 - 11:21

Thanks... I was just interested in what needs to be configured on the PIX to allow remote access VPN users to connect to the PIX and then allow them to access a remote office over a separate IPsec VPN.

Marwan ALshawi Fri, 10/03/2008 - 05:44

Do you have a route statement to the partner network pointing to the other firewall's inside interface through your inside PIX firewall?

Do you have the NAT exemption configured correctly?


good luck
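
The PIX-side steps from the replies above (route to the partner network, NAT exemption for the client pool), written out as PIX 6.3 configuration. This is an added example, not configuration posted by anyone in the thread; every address, ACL name and group name is a constructed placeholder. The NetScreen still needs its own route to the client pool via the PIX inside address and the pool included in the partner tunnel's interesting traffic, as the first reply says.

```cisco
: Constructed addressing (assumptions, not from the thread):
:   PIX inside 192.168.1.1, NetScreen inside 192.168.1.2 (shared subnet 192.168.1.0/24)
:   VPN client pool 192.168.50.0/24, partner network 10.20.0.0/16
:   ACL names "nonat" / "splittunnel" and vpngroup "remoteusers" are placeholders

: 1. Route: the partner network is reached through the NetScreen's inside address
route inside 10.20.0.0 255.255.0.0 192.168.1.2 1

: 2. NAT exemption: replies from the inside subnet and from the partner network
:    back to the client pool must not be translated.
:    Only one ACL can be bound to "nat (inside) 0 access-list", so add the
:    partner line to the ACL already in use rather than creating a second one.
:    Keep the entries scoped to these networks; do not use "any".
access-list nonat permit ip 192.168.1.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list nonat permit ip 10.20.0.0 255.255.0.0 192.168.50.0 255.255.255.0
nat (inside) 0 access-list nonat

: 3. Only if the client group uses split tunnelling: the partner network has to
:    be in the split-tunnel ACL, otherwise clients never send it into the tunnel.
access-list splittunnel permit ip 192.168.1.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list splittunnel permit ip 10.20.0.0 255.255.0.0 192.168.50.0 255.255.255.0
vpngroup remoteusers split-tunnel splittunnel

: 4. Checks while a client is connected and pinging the NetScreen inside address
show route
show access-list nonat
show crypto ipsec sa
```

Rising hit counts on the partner line of the exemption ACL and increasing encrypt/decrypt counters for the client's SA indicate that the PIX side is passing traffic and that any remaining fault is on the NetScreen or the partner tunnel.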