Remote Site and Site-to-Site VPN Combination

Apr 29th, 2009

Hi,

I am trying to design a VPN solution (Network Diagram attached). The requirement is to allow a remote-site VPN user to get into the offshore network, and then that user should access the onsite application through the existing site-to-site tunnel between the onsite and offshore networks.

The remote user can successfully get into the offshore network, but he is not able to access the onsite application through the existing site-to-site VPN tunnel. I checked the PIX firewall logs and it is showing me an error with syslog ID 302014 (Flow is a loopback).

Has anybody worked on such design?

Regards,

Akshay




What version of IOS is the PIX running? You need 3 things:

1) Allow the remote VPN IP subnet in the encryption domain for the site-2-site - both ends

2) Ensure the remote VPN IP subnet is included in the no-nat config.

3) "Same security traffic" is permitted - only in PIX IOS ver 7.x/8.x.

HTH
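An added configuration sketch (not from the thread or either poster) showing how the three points above map onto PIX 7.x/8.x commands. Addresses, object names, the peer IP and the use of a dedicated pool subnet (so that point 1 is visible as a separate crypto ACL entry) are all assumptions.

```cisco
! Hypothetical PIX 7.x/8.x fragment (added example, not from the thread).
! Assumed addressing: offshore LAN 10.1.0.0/24, onsite LAN 10.2.0.0/24,
! remote-access pool 10.1.100.0/24, onsite peer 203.0.113.1.

! Point 3: VPN-client traffic arrives on the outside interface and must leave
! through the same interface into the site-to-site tunnel. Without this the
! firewall drops the flow as a loopback.
same-security-traffic permit intra-interface

! Point 2: NAT exemption. The LAN-to-LAN traffic enters on inside, but the
! client traffic enters on outside, so the pool needs its own exemption on
! the outside interface (assumed to be the ingress interface for the pool).
access-list NONAT_INSIDE extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list NONAT_OUTSIDE extended permit ip 10.1.100.0 255.255.255.0 10.2.0.0 255.255.255.0
nat (inside) 0 access-list NONAT_INSIDE
nat (outside) 0 access-list NONAT_OUTSIDE

! Point 1: encryption domain for the site-to-site tunnel. The second entry
! adds the pool; the onsite peer's crypto ACL must carry the mirror image of
! both entries or its firewall will not accept the pool addresses.
access-list L2L_ONSITE extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
access-list L2L_ONSITE extended permit ip 10.1.100.0 255.255.255.0 10.2.0.0 255.255.255.0
crypto map OUTSIDE_MAP 10 match address L2L_ONSITE
crypto map OUTSIDE_MAP 10 set peer 203.0.113.1
crypto map OUTSIDE_MAP 10 set transform-set ESP-AES-SHA
crypto map OUTSIDE_MAP interface outside

! Remote-access pool handed to VPN clients
ip local pool RA_POOL 10.1.100.1-10.1.100.254 mask 255.255.255.0
```

If the pool is carved out of the inside LAN range instead, the second L2L_ONSITE entry is redundant, but the outside-interface NAT exemption and the intra-interface permit are still required.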

akshay.dm Wed, 04/29/2009 - 06:30

Thanks for your quick response.

The IP pool which I used for remote VPN users is a part of the internal subnet used in the site-to-site encryption domain. Hence the first two points you mentioned are covered. I did try 'same-security-traffic permit intra-interface' but that didn't make any difference. I am still getting the same error.
