I have 2 ISPs. I have internal VLANs on the PIX1 unit and use ISP1 for that traffic, and our main network is on 10.10.10.x. I am planning to build VPNs to all my client networks from ISP2 through a different PIX2 unit. The VPNs are for remote support purposes and to log in to the client servers from my location. They will be on different networks other than 10.10.10.x. But I would like to access these servers on VPNs through my 10.10.10.x network as well.
So I would like to know if it is possible to route traffic from the PIX1 to the PIX2 unit so 10.10.10.x can access client LANs. Please advise.
Well, a really simple solution would involve a router on the 10.10.10.x network - the router would handle the IP subnet routing to point to PIX2.
I assume that you do not have a router, so PIX1 would have to perform this function.
Let's assume that the PIX1 IP address is 10.10.10.1 and PIX2 is 10.10.10.2. For the LAN segment the default gateway is PIX1 - so all traffic will be passed into PIX1. In PIX1 you have static routes for the remote VPN subnets that point to PIX2. Depending on the version of PIX OS you are running, you need to have same-security-traffic permit intra-interface enabled.
You will perform some NAT at some point; 10/8 is pretty common and widely used.
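The routing and NAT points in the answer above can be checked before any VPN is built. The following is an added example, not code from either poster: it takes a list of client LANs, flags those that overlap 10.10.10.x or each other (the cases where NAT is required), and emits PIX1 static routes toward PIX2 for the rest. The interface name "inside" and the client subnets are assumptions constructed for illustration.

```python
import ipaddress

LOCAL_LAN = ipaddress.ip_network("10.10.10.0/24")  # main network from the thread
PIX2_ADDR = ipaddress.ip_address("10.10.10.2")     # PIX2 address assumed in the answer
INSIDE_IF = "inside"                               # assumed PIX1 interface name
HAIRPIN = "same-security-traffic permit intra-interface"  # command named in the answer

# Constructed sample client LANs (not from the thread).
CLIENT_LANS = {
    "client-a": "192.168.50.0/24",
    "client-b": "10.10.0.0/16",    # contains the local 10.10.10.0/24
    "client-c": "172.16.8.0/22",   # contains client-d
    "client-d": "172.16.10.0/24",
}

def plan_routes(client_lans, local_lan=LOCAL_LAN, next_hop=PIX2_ADDR):
    """Return (config_lines, needs_nat).

    needs_nat maps a client name to the reasons its subnet cannot be routed
    as-is; config_lines holds PIX1 statements for the unambiguous subnets.
    """
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in client_lans.items()}
    needs_nat = {}
    for name, net in nets.items():
        reasons = []
        if net.overlaps(local_lan):
            reasons.append(f"overlaps local LAN {local_lan}")
        for other, other_net in nets.items():
            if other != name and net.overlaps(other_net):
                reasons.append(f"overlaps {other} {other_net}")
        if reasons:
            needs_nat[name] = reasons
    routes = [
        f"route {INSIDE_IF} {net.network_address} {net.netmask} {next_hop} 1"
        for name, net in nets.items()
        if name not in needs_nat
    ]
    # Traffic enters and leaves PIX1 on the same interface, so the hairpin
    # command goes first whenever at least one route is emitted.
    config = [HAIRPIN] + routes if routes else []
    return config, needs_nat

if __name__ == "__main__":
    config, needs_nat = plan_routes(CLIENT_LANS)
    print("\n".join(config))
    for name, reasons in needs_nat.items():
        print(f"! {name}: NAT required ({'; '.join(reasons)})")
```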