VPN Routing Issue

Mar 13th, 2009

I'm trying to resolve a routing issue with our VPN client connections to corporate site PIX firewalls and can't seem to figure it out. I connect all of our corporate sites with PIX VPN site-to-site links; staff in each remote office can connect to their office with Cisco VPN clients to the "local" PIX. Some web services are hosted at the main corporate site that they now need to access. Is there a way to configure a route where the remote VPN client user connects to their local corporate office but can still route back to the main corporate office for some web services? Right now they connect for some things through their office but then have to disconnect and establish a VPN connection with the main office for other services.

Thanks, nick

gesadmin1 Fri, 03/13/2009 - 08:44

Do you have the command same-security-traffic permit intra-interface on each of your PIXes?

nhelms Fri, 03/13/2009 - 08:52

I don't. I just found the command in another post for a different issue but wasn't sure if it would work in this scenario. I was just starting to check how to apply it. Is there anything special when entering it? Any additional commands needed? Also, two sites are using PIX 506E devices and I'm not seeing the command available in the CLI config.

gesadmin1 Fri, 03/13/2009 - 09:30

Just go into global config mode and enter it. As for the 506E, I believe the command was added in version 7.0(1) and the 501/506/506E platforms are not supported on this version.

nhelms Fri, 03/13/2009 - 10:26

Thanks, I should be able to test it at our corporate site by adding it to the config and then pinging an outside address? I was already looking at replacing the 506E's so I may need to do it sooner than expected.
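
The setup discussed in this thread, put together as an added example that was not posted by either participant: the hairpin command on the PIX that terminates the clients, plus the crypto ACL, split-tunnel and NAT-exemption entries that usually go with it. It assumes PIX 7.x syntax; every ACL name, group-policy name and address below is a constructed placeholder.

```text
! Constructed example. All names and addresses are placeholders:
!   branch LAN 10.20.0.0/24, VPN client pool 10.20.99.0/24,
!   main-office LAN 10.10.0.0/24
!
! ---- Branch PIX (terminates the VPN clients; 7.0(1) or later per the thread) ----
! Allow traffic to enter and leave the same interface
! (in from the client tunnel, out through the site-to-site tunnel)
same-security-traffic permit intra-interface
!
! Add the client pool to the ACL that the existing site-to-site
! crypto map entry matches on
access-list L2L_TO_MAIN extended permit ip 10.20.0.0 255.255.255.0 10.10.0.0 255.255.255.0
access-list L2L_TO_MAIN extended permit ip 10.20.99.0 255.255.255.0 10.10.0.0 255.255.255.0
!
! Only if the client group uses split tunneling:
! send the main-office subnet into the client tunnel as well
access-list CLIENT_SPLIT standard permit 10.20.0.0 255.255.255.0
access-list CLIENT_SPLIT standard permit 10.10.0.0 255.255.255.0
group-policy BRANCH_CLIENTS attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value CLIENT_SPLIT
!
! ---- Main-office PIX ----
! Mirror image of the branch crypto ACL, including the client pool
access-list L2L_TO_BRANCH extended permit ip 10.10.0.0 255.255.255.0 10.20.0.0 255.255.255.0
access-list L2L_TO_BRANCH extended permit ip 10.10.0.0 255.255.255.0 10.20.99.0 255.255.255.0
!
! Exempt return traffic to the branch LAN and client pool from NAT
access-list NONAT extended permit ip 10.10.0.0 255.255.255.0 10.20.0.0 255.255.255.0
access-list NONAT extended permit ip 10.10.0.0 255.255.255.0 10.20.99.0 255.255.255.0
nat (inside) 0 access-list NONAT
```

Where the clients only need a few web servers, narrowing the 10.10.0.0/24 entries to those hosts keeps the hairpinned path to the minimum required. After a client connects and sends traffic, `show crypto ipsec sa` on the branch PIX should list a security association for the client pool toward the main-office subnet.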


