03-13-2009 08:12 AM - edited 03-11-2019 08:04 AM
I'm trying to resolve a routing issue with our VPN client connections to corporate site PIX firewalls and can't seem to figure it out. I connect all of our corporate sites with PIX VPN Site-to-Site links, staff in each remote office can connect to their office with Cisco VPN clients to the "local" Pix. Some web services are hosted at the main corporate site that they now need to access. Is there a way to configure a route where the remote VPN client user connects to their local corporate office but can still route back to the main corporate office for some web services? Right now they connect for some things through their office but then have to disconnect and establish a VPN connection with the main office for other services.
Thanks, nick
03-13-2009 08:44 AM
Do you have the command same-security-traffic permit intra-interface on each of your PIXes?
03-13-2009 08:52 AM
I don't, I just found the command in another post for a different issue but wasn't sure if it would work in this scenario. I was just starting to check how to apply it, is there anything special when entering? Any additional commands needed? Also, two sites are using Pix 506e devices and I'm not seeing the command available in the CLI config.
03-13-2009 09:30 AM
Just go into global config mode and enter it. As for the 506e, I believe the command was added in version 7.0(1) and the 501/506/506E platforms are not supported on this version.
03-13-2009 10:26 AM
Thanks, I should be able to test it at our corporate site by adding it to the config and then pinging an outside address? I was already looking at replacing the 506e's so I may need to do it sooner than expected.
nick
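The hairpin setup discussed in this thread, as an added configuration sketch that is not from any of the posters: besides the intra-interface command, the client pool normally has to appear in the site-to-site crypto ACL on both ends and in the client split-tunnel list. All ACL, group-policy and crypto-map names and all addresses are constructed assumptions, and NAT exemption is left out because it depends on the existing NAT configuration.

```cisco
! Remote-office PIX running 7.0(1) or later. All names and addresses are constructed.
! Assumed: office LAN 10.20.0.0/24, VPN client pool 10.20.50.0/24, main site 10.1.0.0/16.

! Let traffic enter and leave the same interface
! (in from the client tunnel, out through the site-to-site tunnel).
same-security-traffic permit intra-interface

! Crypto ACL of the existing site-to-site tunnel: add the client pool as a source,
! otherwise client traffic to the main site is not matched by the tunnel.
access-list L2L_TO_MAIN extended permit ip 10.20.0.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list L2L_TO_MAIN extended permit ip 10.20.50.0 255.255.255.0 10.1.0.0 255.255.0.0
crypto map OUTSIDE_MAP 10 match address L2L_TO_MAIN

! Split-tunnel list: the client must send main-site traffic into its tunnel,
! not only traffic for the local office.
access-list SPLIT_REMOTE standard permit 10.20.0.0 255.255.255.0
access-list SPLIT_REMOTE standard permit 10.1.0.0 255.255.0.0
group-policy REMOTE_USERS attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_REMOTE

! Main-site PIX: mirror the new crypto ACL entry so return traffic
! to the client pool is encrypted back to the remote office.
access-list L2L_TO_REMOTE extended permit ip 10.1.0.0 255.255.0.0 10.20.50.0 255.255.255.0
```

Keeping the added crypto ACL and split-tunnel entries limited to the subnets that host the required web services, instead of the whole main-site range, keeps remote clients at least privilege.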