PIX 506 with VPN and TWO IP-Networks in the inside

Unanswered Question
May 11th, 2009

Hello,

I got a question regarding a PIX506 with Site-to-Site VPN and TWO IP-Networks on the inside.

Currently I got a PIX 506 running with ONE IP-Network (172.16.200.0/24) on the inside and several Site-to-site VPN-Connections on the PIX. The Remote-Sites access Servers in the 172.16.200.0/24 Network.

Everything works fine.

Now I need to connect a new Remote Site which unfortunately uses the 172.16.0.0/16 IP-Network in his own Network. The Idea was to put a new IP-Network (something like 10.230.200.0/24) on Windows Servers in the inside of the PIX and make the PIX see those and route them through the VPN.

I did not find a solution to do that yet.

Is that possible at all with a PIX 506 and if yes HOW?

If it is not possible what kind of Hardware would I need (ASA?)

Thanks a lot for any help on this issue.

Dirk

Anonymous (not verified) Fri, 05/15/2009 - 08:57

You can do it with the PIX. When you add a second internal network behind a PIX Firewall, keep in mind the following points.

The PIX cannot route any packets.

The PIX does not support secondary addressing.

A router has to be used behind the PIX to achieve routing between the existing network and the newly added network.

The default gateway of all the hosts should be set pointing to the inside router.

Add a default route on the inside router pointing to the PIX.

Remember to clear the Address Resolution Protocol (ARP) cache on the inside router.
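
The steps in the reply above, written out as a configuration sketch. This is an added example, not part of the original thread: the router interface names, the addresses 172.16.200.1 (PIX inside), 172.16.200.254 and 10.230.200.1 (inside router), the ACL names `vpn_newsite` and `nonat`, the crypto map name `outside_map` and its sequence number 50 are all assumptions. The static route on the PIX is not listed in the reply but is needed for the PIX to reach a network that is not directly connected.

```cisco
! ---- Inside router (Cisco IOS syntax; interface names and addresses assumed) ----
interface FastEthernet0/0
 description Existing server LAN, same segment as the PIX inside interface
 ip address 172.16.200.254 255.255.255.0
!
interface FastEthernet0/1
 description New server LAN (10.230.200.0/24 from the question)
 ip address 10.230.200.1 255.255.255.0
!
! Hosts use the inside router as default gateway:
!   172.16.200.0/24 hosts -> 172.16.200.254
!   10.230.200.0/24 hosts -> 10.230.200.1
!
! Default route on the inside router pointing to the PIX inside address (assumed)
ip route 0.0.0.0 0.0.0.0 172.16.200.1
!
! After the change, in privileged exec mode on the router:
!   clear arp-cache

: ---- PIX 506 (PIX OS 6.x syntax; lines starting with ":" are comments) ----
: Static route so the PIX can reach the new network through the inside router
route inside 10.230.200.0 255.255.255.0 172.16.200.254 1
:
: Traffic selector for the new tunnel: only the new network is the local side
access-list vpn_newsite permit ip 10.230.200.0 255.255.255.0 172.16.0.0 255.255.0.0
:
: Exempt the same traffic from NAT (ACL name assumed; add the entry to the
: existing NAT-exemption ACL if one is already bound with "nat (inside) 0")
access-list nonat permit ip 10.230.200.0 255.255.255.0 172.16.0.0 255.255.0.0
nat (inside) 0 access-list nonat
:
: Bind the selector to a new crypto map entry; the "set peer" and
: "set transform-set" lines for this entry are site-specific and not shown
crypto map outside_map 50 match address vpn_newsite
```

Because 172.16.200.0/24 stays directly connected to the PIX inside interface, any remote-site hosts numbered inside that /24 remain unreachable through the tunnel; the rest of the remote 172.16.0.0/16 is matched by the selector above.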
